Yet another new campaign exploiting the ongoing COVID-19 pandemic has been seen online. The latest scheme used fake Instagram accounts for financial institutions to target its victims. Following the start of the COVID-19 pandemic, many organizations including banks schools, and governments at all levels began setting up information pages for their response to COVID-19. These fake Instagram accounts look to target those efforts by appearing to be Instagram accounts specifically for sharing an organization’s COVID-19 response plans on social media. The accounts even contain links directly back to the actual organization’s websites. The actual scam attempt then comes in the form of a direct private message from the fake account to anyone who follows the account. The direct message claims that the victim has been randomly selected from their followers to receive a “special gift” and asks them to send a text message to a provided phone number to discuss with an agent how to receive their gift. Once the victim begins their conversation with the “agent” they are asked to provide their account information, including their password, so that the money they have won can be deposited into their account. This information is then likely to be leveraged by the scammers to compromise the victim’s bank account and steal money.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased