Cybercriminals have been mimicking Canadian and other governments’ COVID-19 financial relief web sites to steal credentials and siphon off taxpayer money, a report released May 15 says.
“Over the last two months we observed a surge in the creation of COVID-19-themed credential phishing website templates that mimic the brands of numerous governments and trusted non-governmental organizations including the World Health Organization, Internal Revenue Service, Centers for Disease Control, the United Kingdom government, the government of Canada and the government of France,” the report from California-based global online security firm Proofpoint said.
Proofpoint said more than 300 of the COVID-related phishing campaigns aimed at capturing users' credentials since January.
“We’ve seen throughout the COVID-19 situation how threat actors have followed the news and adapted their themes to match the unfolding public narrative,” the report said. “The movement by governments in particular to offer financial support has caught the attention of threat actors who have moved not only to target those funds directly but to use them as themes for their malware and credential phishing attacks.”
A sudden growth in COVID phishing website landing pages was observed starting in March and declining in April.
Proofpoint said the peak and subsequent drop-off likely reflects a combination of saturation for COVID-19 payment theme phishing templates and a move toward other COVID-19 themes once many one-time payments were disbursed.
Proofpoint noted the fake templates appeared for the Canada Emergency Response Benefit and the Canada Revenue Agency COVID-19 Financial Support pages.
“This spoof is noteworthy because while it copies the behavior of the Canadian government website effectively, it does not match the look and feel of the current Canadian government website,” the report said. The malicious template correctly copies the name of Canada’s revenue ministry in English and French, Canada Revenue Agency and Agence du revenu du Canada respectively. However, the layout, colors, and branding of the malicious template do not match that of the legitimate Canadian government website.”
Federal government officials could not be immediately reached for comment.