Threat actors continue using COVID-19 fears to exploit individuals on a variety of channels. Today we are taking a look at two new, related SMS lures.
We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic.
The first example is a lure we found targeting a major Canadian bank. In it, the threat actor prompts the victim to click on the link http://s4-update0{dot}.com/3/, which leads to a web site asking for banking credentials.
This phish, as well as others we identified, was tied to the email [email protected].
IP Address: 111.90.142.123
The second example also targets major Canadian banks. By clicking the link, victims are led to emergencycanadaresponse.xyz and asked to choose their bank, as well as enter their account information.
The lack of security filtering on our phones, plus the misguided belief that they are secure, makes SMS or text messages a prime - and growing - avenue for malicious activity. Unfortunately, there are numerous issues in identifying and reporting SMS lures. That, in addition to the ease with which we use our devices, makes this type of lure a particularly effective one.
For more intelligence on COVID-19 threats, see our ongoing coverage.