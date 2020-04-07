Infosecurity Group Websites
Latest
News

Scammers Target US Stimulus Checks

In the latest sorry COVID-19 scam, fraudsters are impersonating financial institutions to steal from Americans expecting stimulus checks from the US federal government. 

Following the outbreak of the novel coronavirus, many Americans have been furloughed, fired, or had their hours or workload reduced as businesses across the country closed and lockdown measures were implemented. 

To soften the economic blow dealt by the deadly virus, the US Senate approved a $2tn stimulus package on March 25. 

Knowing that people all across America are now waiting to receive a government check, threat actors have swooped in to exploit the situation.

Researchers at Abnormal Security have detected an attack in which scammers impersonating a major financial institution are asking victims to verify their financial details before their stimulus funds can be released.

"These attackers created a convincing email and landing page that appeared to come from a major financial institution," wrote researchers.

"The email sent by the attackers claims that this financial institution has placed the funds on hold until the user can sign in and 'verify account ownership' so they can be released."

The email contains a link to a fake website that appears to be from a legitimate financial institution. 

"The URL is masked with a link, and the real URL takes victims to a site hosted at 'https://theruncoach.icu/home.php,' which attackers likely control and will use to steal the login credentials for this financial institution from victims," wrote researchers. 

Should recipients of the email fall victim to this attack, the login information for their banking account will become compromised.

In a bid to appear authentic, the attackers also inserted other genuine links into the email, including one that took users to the impersonated financial institution's real privacy statement.  

"The landing page was similarly elaborate, appearing almost exactly like the true bank landing page," wrote researchers. 

"Recipients would be hard-pressed to understand that this was, in fact, a site designed specifically to steal their credentials."

Researchers would not name which financial institution the scammers they observed were pretending to be associated with. 

"Please keep in mind that, although these attackers were impersonating one specific financial institution for this attack, they have already launched attacks impersonating many other financial institutions," said the researchers.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Zoom Blow as Thousands of User Videos Are Found Online

2
News

Common Flaws Discovered in Penetration Tests Persist

3
News

Washington State Legalizes Restricted Use of Facial Recognition Technology

4
News

Zoom Patches Three New Bugs in Scramble to Support Remote Workers

5
News

DoJ: Zoombombing Could Land You Behind Bars

6
News

Docker Users Targeted with Crypto Malware Via Exposed APIs

1
News

Scammers Target US Stimulus Checks

2
News

Linux Servers Under Attack for a Decade

3
News

Philippines Arrests 32 on Fake News Charges

4
News

Internet Traffic Spiked to Double Normal Rate in March

5
News

UK Businesses Could Make Huge Savings on Cybersecurity Services

6
News

Only a Quarter of Orgs ‘Focus’ on Cyber-Attack Prevention

1
Webinar

The Impact of #COVID19 on the Infosec Industry

2
Webinar

Using SIEM to Protect Against Top Cybersecurity Threats

3
Webinar

Zero Trust: A Cybersecurity Essential and the Key to Success

4
Webinar

2FA or MFA: Which Authentication is Right for Your Business?

5
Webinar

Make Your Own Security Superstars: Scale and Upskill Your Security Team

6
Webinar

Why Remediation Needs to be Part of Your Vulnerability Management Program

1
News Feature

The Long-Term Impact of #COVID19 on the Cybersecurity Industry

2
Interview

Interview: Rick Goud, CEO and Co-Founder, Zivver

3
Blog

Security by Sector: Kaspersky Makes Security Products Free for Healthcare Institutions Amid #COVID19 Pandemic

4
Blog

Why Physical Data Destruction is Absolutely Vital

5
News Feature

Top Ten: Things We Learned in Q1 2020

6
Opinion

Remote Workforce Security: Protecting People, Protecting the Enterprise