Cyber criminals are using COVID-19 to manipulate users on Twitter and steal funds through payment applications. Our latest example demonstrates how victims are being targeted with fake credential dumps.
We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up to date on how threat actors are exploiting the pandemic.
In this example, the threat actor claims to help individuals discover, for a fee, whether their passwords have been published online without their permission. The post lists multiple payment applications for a cash deposit prior to services rendered.
There are legitimate free services online, such as https://haveibeenpwned.com/, that search publicly known credential dumps for account information. The scam depends on the victim being unaware of them and, as a result, paying for information that is easily accessible online or paying to receive no results at all.
Coronavirus is mentioned to add legitimacy as well as online visibility to the post. The victim may assume that the threat actor is providing services because of the pandemic, either out of empathy for those affected or because account data in general may now be more prone to a breach.
If the victim submits payment through one of the cash applications, any communication between the threat actor and victim will likely cease and the money will be lost.
Recently, the sensitive data of several high-profile organizations was exposed online by activists exploiting the pandemic. While credential dumps are not new, attributing a breach to the crisis, whether the breach is real or not, is yet another way the bad guys are altering their attack infrastructure to feed off fear and uncertainty.
For more intelligence on COVID-19 threats, see our ongoing coverage.