Threat Watch

Phishing Kits Impersonate Official Government Websites

As threat actors continue to use fake information about the Coronavirus in attempts to trick people into revealing passwords, credit card numbers and bank account information, phishing kits that are now available for sale on cyber-criminal underground forums have made it easier than ever to impersonate government websites. The email security firm Proofpoint identified over 300 phishing campaigns, many of which are using websites that appear to be nearly identical copies of websites for the World Health Organization, the US Centers for Disease Control and Prevention, the IRS, Canadian government agencies and the UK’s HMRC, among others. The websites are designed to steal sensitive information from victims and are distributed as links from email phishing messages that appear to be urgent.

ANALYST NOTES

Because the phishing kits are available on criminal forums and underground markets, it means more criminals can deploy convincing-looking fake websites, even if they otherwise lack the skill to create sophisticated copies. Companies and individuals should be aware of these fakes and use caution when following links to websites from suspicious email messages. Instead of clicking on links from email, it is advisable to visit government websites directly by typing in a known address, using a website bookmark, or searching for the government agency in a trustworthy search engine. Government agencies, especially public health organizations, will not send email messages requesting credit card or banking information.
For more information, please see: https://www.zdnet.com/article/crooks-are-using-realistic-looking-webpage-templates-to-trick-you-into-handing-over-personal-data/