A fake website claiming to be from the federal government of Canada is preying upon those seeking financial relief from the COVID-19 pandemic.
In a recent blog report, security vendor Proofpoint warned that multiple “threat actors” across the world have created fake websites posing as fronts for pandemic financial assistance programs – including Canada’s very own Emergency Response Benefit (CERB) website.
“Threat actors are continuing to try and take advantage of people worldwide as the pandemic continues—and most recently their efforts have included using fake websites, associated with COVID-19 financial assistance, to steal credentials,” the security company said in its blog post.
Proofpoint found that the fake website copies the behaviour of the original CERB website, which is run by the Canada Revenue Agency. It even has a bilingual option that lets users switch between English and French, making for a very elaborate ruse. However, the fake website’s layout, colours, and branding do not match those of the real website.
Proofpoint reported that of the over 300 phishing campaigns it has observed since the start of the year, more than half are scams aimed at gaining user credentials. The fake CERB website, in particular, asks users to provide their full name and social insurance number.
Proofpoint explained in its blog that, to trick users into visiting these fake websites, credential phishing attackers usually send their victims emails specifically designed around the themes that are most effective – in this case, financial assistance related to the pandemic.
“It’s clear threat actors follow trends closely. We’ve seen throughout the COVID-19 situation how threat actors have followed the news and adapted their themes to match the unfolding public narrative,” the Proofpoint blog noted. “The movement by governments in particular to offer financial support has caught the attention of threat actors who have moved not only to target those funds directly but to use them as themes for their malware and credential phishing attacks.”
Proofpoint concluded that as the pandemic situation continues, it expects these COVID-19-themed attacks to continue, and more threat actors to offer additional tools to enable these attacks.