INSUBCONTINENT EXCLUSIVE:
New research from Proofpoint has revealed that cybercriminals are using social engineering lures related to various coronavirus stimulus
packages around the world to trick users into clicking on malicious links or downloading files with malware.One such campaign in the US is
targeting US healthcare and higher education organizations as well as companies in the technology industry with emails that contain a
message claiming that the Trump administration is considering sending American adults a check to help stimulate the economy
The email asks recipients to verify their email account through a malicious link that directs them to a phishing page.Another campaign
However, the message contains a PDF attachment with an embedded URL that leads to a OneDrive credential phishing page.Proofpoint also
Once again though, the email contains a malicious Microsoft Excel branded attachment that steals users' emails and passwords.In addition to
the other campaigns Proofpoint discovered, the cybersecurity firm also found two that try and steal users' credit card numbers.The first one
is a small email campaign that tries to steal user IDs, passwords and credit card numbers
To help increase its credibility, the campaign claims to come from a major US credit card company and promises to waive late fees and issue
attempts to steal their ID, password, email credit card and other details.The second email campaign is much larger and primarily targets the
manufacturing, technology and transportation industries as well as healthcare, aerospace, retail, energy, business services and hospitality
The campaign claims to be from a major UK bank with global customers and also spoofs their branding
However, the link then takes users to a spoofed page for the bank that asks for their name, address and credit card number.In a blog post
detailing these various campaigns, the Proofpoint Research Team explains that we will likely see the cybercriminals behind them continue to
these recent payment-related lures underscore that threat actors are paying attention to new developments
