Crooks are using realistic-looking webpage templates to trick you into handing over personal data

Coronavirus-related hacking campaigns are very popular - and attackers can easily mimic governments and organisations around the world in an effort to dupe victims into handing over data.
Written by Danny Palmer, Senior Writer

Cyber criminals are still attempting to exploit the coronavirus pandemic for their own gain and they're being helped by website templates that allow them to mimic government agencies and companies.

Researchers at cybersecurity company Proofpoint have identified over 300 phishing campaigns designed to steal personal information and bank details from victims – and many are using sites that are indistinguishable from the real thing, complete with authentic imagery and user interfaces.

The security company warned that these template make it easy for scammers to quickly create high-quality, malicious web domains to insert into their COVID-19 phishing campaigns.

SEE: Cybersecurity: Let's get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

Bodies from the World Health Organization, the US Centers for Disease Control, the IRS, the UK's HMRC and even local councils across London are being mimicked in ready-to-use campaigns.

Many of the templates that are available on underground forums and marketplaces also feature multiple pages, making them look more authentic – therefore helping to trick visitors about the true intentions of the websites.

For example, a phishing website designed to look like Canadian government services provide both English-speaking and French-speaking options for entering details – and indicates that the attackers want to cover all bases possible.

"It tells us that the threat actors behind these sites pay attention to where people are going and what they use and take care to make their sites as credible as possible," Sherrod DeGrippo, senior director of threat research and detection at Proofpoint, told ZDNet.

"This makes them look more legitimate and therefore more likely to gather the credentials from the user," she said.

Potential victims are often directed to these phoney websites in phishing attacks, usually under the impression that there's an urgent action that needs to be taken.

And while the attacks have proved successful, not all of these bogus sites are perfect: for example, one of the HMRC phishing websites has a completely different user interface to the real thing.

SEE: Coronavirus: Business and technology in a pandemic

But however the site is designed, the end goal is the same – steal login credentials, bank information and other personal data from users. And COVID-19 remains a key lure for a wide range of cyberattacks.

"These are made by a variety of threat actors who are large and small," said DeGrippo.

It's expected that campaigns related to COVID-19 will continue for as long as the outbreak itself does.

Cyber criminals have been attempting to exploit the coronavirus crisis for most of this year, often by posing as websites offering advice or claiming to offer cures or protective equipment related to the outbreak.

The UK's National Cyber Security Centre (NCSC) has taken a number of fraudulent websites down after tip-offs following the launch of the suspicious email-reporting service. While the overall number of phishing emails and cyberattacks hasn't gone up, cyber criminals are increasingly turning to coronavirus as a subject to lure victims into giving away their information.

The sudden rise in remote working has also caused additional security risks for both people and the organisations they work for.


Editorial standards