Canindia News

Hackers creating scam sites similar to COVID-19 relief packages

New Delhi, April 20 (IANS) With the COVID-19 pandemic shutting down major parts of the global economy, governments are responding with massive stimulus packages aimed at supporting businesses and individuals. And not surprisingly, cyber-attackers are busy using scam and phishing techniques to get their share, security researchers warned on Monday.

These scam websites use the news of the coronavirus financial incentives, and fears about coronavirus to try and trick people into using the websites or clicking on links, cybersecurity firm Check Point Software Technologies said in a blog.

Users who visit these malicious domains instead of the official government websites risk having their personal information stolen and exposed, or payment theft and fraud.

Check Point researchers have found that since January, a total of 4,305 domains relating to new stimulus/relief packages have been registered globally.

In March 2020, a total of 2,081 new domains were registered –38 malicious and 583 suspicious.

In the first week of April, 473 were registered — 18 malicious, 73 suspicious.

“We’ve also seen a major increase in the week starting March 16 during which the American government proposed the stimulus package to taxpayers,” said the company.

The number of new domains registered that week was 3.5 times higher compared to the average of previous weeks, it added.

In the US alone, the federal government is rolling out a $2 trillion package of Economic Impact Payments to help give the economy a shot in the arm and prevent a crash.

Hackers and threat actors want to cash in on the rush to get these vital payments and fill their own pockets at the expense of others.

Google recently reported that in just one week from 6 to 13 April, it saw more than 18 million daily malware and phishing emails related to Covid-19 scams – and that’s in addition to the 240 million daily spam messages it sees related to coronavirus.

Giving examples of economic stimulus-related attacks, Check Point cited emails with malicious attachments such as “RE: UN COVID-19 Stimulus” (distributing the AgentTesla malware) and “COVID-19 Payment” distributing the Zeus Sphinx trojan.

When clicking on the “Reconfirm” button, the victim is directed to a phishing login page.

The researchers said that 94 per cent of coronavirus-related attacks during the past two weeks were phishing attacks, while three per cent were mobile attacks — either via dedicated mobile malware or via malicious activity carried out on a mobile device.

“We have also seen a huge increase in the number of attacks, to an average of 14,000 a day, which is six times the average number of daily attacks when compared to the previous two weeks. And over the past week from 7th April, the average number of daily attacks increased sharply to 20,000,” Check point said.

Since mid-February we have seen an escalation in the number of coronavirus-related domains being registered.

In the past two weeks, almost 17,000 new coronavirus-related domains had been registered, warned the cybersecurity firm, adding that two per cent of those domains were found to be malicious, and another 21 per cent suspicious.

In all, there have been 68,000 coronavirus-related domains registered since the beginning of the outbreak in January 2020, it said.

To stay protected against phishing attacks, people should beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.




Hacker selling CEO, CFO email accounts for as less as Rs 7,400

CanIndia New Wire Service

Police on alert as farmers may open new front on Delhi-UP border

CanIndia New Wire Service

Prannoy & Radhika Roy barred for securities market for ‘insider trading’

CanIndia New Wire Service

Good Samaritans offer ‘langar’ to people at Delhi’s Burari ground

CanIndia New Wire Service

Discrimination, gender barriers bane for women lawyers: Justice Gita Mittal

CanIndia New Wire Service

Leh freezes at minus 12.9, mercury dips across J&K

CanIndia New Wire Service

Polling for DDC elections begins in J&K

CanIndia New Wire Service

AAP’s welcome banners come up as farmers camp at Burari ground

CanIndia New Wire Service

Singhu, Tikri borders still shut, farmers reluctant to go to Burari

CanIndia New Wire Service

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More


Stay up to date with the latest news and exclusive offers directly in your inbox