Threat actors capitalising on COVID-19 fears with new phishing attacks.
The Cofense Phishing Defense Center (PDC) discovered that malicious threat actors are capitalising on the population’s fear amid the COVID-19 pandemic with new phishing attacks.
The attackers use socially engineered email campaigns that promise recipients access to important information about newly discovered cases of COVID-19 in their area.
The phishing email campaign uses spoofing tactics to effectively evade Proofpoint and Microsoft Office 365 advanced threat protections (ATPs). The phishing emails do not include any personalisation such as the recipient’s first name, nor do they have any greeting in the email copy. According to Cofense, this suggests that the emails are being sent out to a broad target audience.
Cofense researcher Kian Mahdavi said that “while these secure email gateways (SEGs) are designed to safeguard end users from clicking on malicious links and attachments, both failed in a new phishing attack they recently observed.”
To evade detection by ATPs, the attackers are impersonating the domain splashmath.com, which is an online learning game for children. They are using a spoofed IP address located in the U.S. – 22.214.171.124. On closer examination of the phishing attack, Cofense discovered that the emails sent to people are not coming from spoofed addresses but rather from an IP corresponding with Kaunas (a city in Lithuania).
Once the phishing email bypasses the Proofpoint and Microsoft 365 ATPs, the threat actors spoof the sender email address and use keywords in the subject line to trick the recipient into believing that the email is coming from a trusted source of information regarding COVID-19.
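The mismatch described above, a trusted domain in the sender field while a different host actually delivers the mail, can be checked from the message headers. The following Python is an added example, not code from Cofense or from the original article; the domain learning.example, the IP ranges, the allowlist and the sample message are all constructed stand-ins.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed baselines (assumptions): documentation/private ranges only.
EXPECTED_NETS = {"learning.example": [ipaddress.ip_network("192.0.2.0/24")]}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # recipient's own relays

# Constructed message: From claims learning.example, delivered by 198.51.100.77.
SAMPLE = """\
Received: from mx.recipient.example (10.0.0.5) by mbx.recipient.example; Mon, 6 Apr 2020 09:00:03 +0000
Received: from mail.learning.example (unknown [198.51.100.77]) by mx.recipient.example; Mon, 6 Apr 2020 09:00:01 +0000
From: "Health Alerts" <alerts@learning.example>
Subject: New COVID-19 cases in your area

Body omitted.
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def connecting_ip(msg):
    """First non-internal IP, reading Received headers newest first."""
    for hop in msg.get_all("Received", []):
        for text in IP_RE.findall(hop):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # e.g. 999.1.1.1 is not an address
            if not any(ip in net for net in INTERNAL_NETS):
                return ip
    return None

def check_sender(raw):
    """Compare the domain claimed in From with the host that delivered the mail."""
    msg = email.message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ip = connecting_ip(msg)
    nets = EXPECTED_NETS.get(domain)
    if ip is None or nets is None:
        verdict = "unknown"      # no usable hop, or no baseline for this domain
    elif any(ip in net for net in nets):
        verdict = "consistent"
    else:
        verdict = "mismatch"     # trusted-looking sender, unexpected sending host
    return {"from_domain": domain, "connecting_ip": str(ip) if ip else None, "verdict": verdict}

if __name__ == "__main__":
    print(check_sender(SAMPLE))
```

Only the Received header written by the recipient's own gateway is trustworthy; hops listed below it were supplied by the sending side and can be forged.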
This latest email phishing attack is one of many new cyber-attacks that have been created by attackers and used in the last month as the pandemic spreads.