New COVID-19 Spear-Phishing, Spoofing Attacks Mimic Google, WHO
Health IT Security
- Cybercriminals are once again working to take advantage of the COVID-19 pandemic through two new phishing campaigns: Hack-for-hire groups are spoofing the World Health Organization (WHO), while other hackers are impersonating Google-branded sites. Both campaigns are designed to harvest user credentials.
The reports mirror recent Proofpoint research, which found a dramatic increase in spoofing attempts through phishing campaigns and fake websites leveraging COVID-19-related themes. In those campaigns, hackers mimic government agencies and non-governmental organizations (NGOs) to steal login credentials and financial data.
The first report from Barracuda details a new impersonation attack, specifically a form-based-attack, which is disproportionately leveraging Google-branded sites in an effort to trick users into sharing their login credentials.