Yet another new campaign exploiting the ongoing COVID-19 pandemic has been seen online. The latest scheme used fake Instagram accounts for financial institutions to target its victims. Following the start of the COVID-19 pandemic, many organizations including banks schools, and governments at all levels began setting up information pages for their response to COVID-19. These fake Instagram accounts look to target those efforts by appearing to be Instagram accounts specifically for sharing an organization’s COVID-19 response plans on social media. The accounts even contain links directly back to the actual organization’s websites. The actual scam attempt then comes in the form of a direct private message from the fake account to anyone who follows the account. The direct message claims that the victim has been randomly selected from their followers to receive a “special gift” and asks them to send a text message to a provided phone number to discuss with an agent how to receive their gift. Once the victim begins their conversation with the “agent” they are asked to provide their account information, including their password, so that the money they have won can be deposited into their account. This information is then likely to be leveraged by the scammers to compromise the victim’s bank account and steal money.
Analyst Notes
Many financial institutions have communicated to their customers that they are willing to work with and assist those who have been financially impacted by the pandemic. As a number of states continue to be locked down, more people are finding themselves without income or suffering from decreased income. This makes people who need financial assistance or information attractive targets for scammers. Financial institutions will not ask users for their login credentials over the phone. More information on this incident can be found at: https://securityboulevard.com/2020/05/covid-19-phishing-update-scammers-impersonating-financial-institutions-on-instagram/
