Scammers Target US Stimulus Checks

In the latest sorry COVID-19 scam, fraudsters are impersonating financial institutions to steal from Americans expecting stimulus checks from the US federal government. 

Following the outbreak of the novel coronavirus, many Americans have been furloughed, fired, or had their hours or workload reduced as businesses across the country closed and lockdown measures were implemented. 

To soften the economic blow dealt by the deadly virus, the US Senate approved a $2tn stimulus package on March 25. 

Knowing that people all across America are now waiting to receive a government check, threat actors have swooped in to exploit the situation.

Researchers at Abnormal Security have detected an attack in which scammers impersonating a major financial institution are asking victims to verify their financial details before their stimulus funds can be released.

"These attackers created a convincing email and landing page that appeared to come from a major financial institution," wrote researchers.

"The email sent by the attackers claims that this financial institution has placed the funds on hold until the user can sign in and 'verify account ownership' so they can be released."

The email contains a link to a fake website that appears to be from a legitimate financial institution. 

"The URL is masked with a link, and the real URL takes victims to a site hosted at 'https://theruncoach.icu/home.php,' which attackers likely control and will use to steal the login credentials for this financial institution from victims," wrote researchers. 

Should recipients of the email fall victim to this attack, the login information for their banking account will become compromised.

In a bid to appear authentic, the attackers also inserted other genuine links into the email, including one that took users to the impersonated financial institution's real privacy statement.  

"The landing page was similarly elaborate, appearing almost exactly like the true bank landing page," wrote researchers. 

"Recipients would be hard-pressed to understand that this was, in fact, a site designed specifically to steal their credentials."

Researchers would not name which financial institution the scammers they observed were pretending to be associated with. 

"Please keep in mind that, although these attackers were impersonating one specific financial institution for this attack, they have already launched attacks impersonating many other financial institutions," said the researchers.

What’s Hot on Infosecurity Magazine?