We are currently in a specific current events “stream”.
I don’t really want to talk about “the event”, except for the fact is that no matter of a specific ‘event’ there will be scammers creating new attack points using the current news.
The news in this case is so hyped up that it may be easier to “Phish” for ‘the event’ for example this is from a Threatpost article:
Phishing or other social-engineering efforts are far and away the main threats that respondents have seen, with about a quarter (23 percent) reporting these kinds of attacks. About 10 percent said that they’ve seen an uptick in coronavirus-themed scams. That said, the good news is that business email compromise (BEC) attacks and data exfiltration were reported by less than 3 percent of respondents; and less than 1 percent said they have been affected by ransomware.
One thing that has happened is that a lot of event domain names have been created to set up fake domain names here isc.sans.edu has cataloged them:
I don’t want to list them outside of the image above, as these are phishing sites. Needless to say there are no “official” event.com websites or other variants of the event names.
There are also other tactics for hackers to ask for in the phishing email. Anytime someone asks you to respond “quickly for your health” or is it just too ‘exciting’ an offer?
Any email, text, voicemail, chat, or any communication with any kind of urgency requires a phone call to someone to verify the actual urgency.
Here are some actual examples from Palo Alto’s Unit 42:
Notice in the examples from PA Unit42 above the theme is the same as previous events,
Here are very similar subject headlines:
- Latest “event” updates
- UNICEF “event” tips app
- POEA health advisory re: 2020 “event”
- Warning “event” virus
And the attachments are named:
awareness notice on “event’ Document.pdf.exe
- “event” upadte.xlsx
- “event” affected crew and vessel.xlsm
So my assertions is that these spam malicious emails phishing for victims are not new, in fact one can see the telltale signs of a standard hacker spam attack campaign.
Remember the We Were Soldiers movie? Here is a youtube piece of it it may not have the line of Sergeant Plumley, but I remember an especially harrowing scene where a soldier says: “It’s mighty sporting out here”
That is what I feel like every day in this particular “event” .
Remember Phishing scams are the highest reason for breaches in networks as we have discussed many times.
Contact us to discuss your situation.