These pages copy the look and feel of the legitimate IRS payment page as shown in Figure 7. To secure the financial aid the visitor has to click the “Continue” button which takes them to a subsequent page that asks for their personal information (Figure 6 below).įigure 6 Spoofed IRS Payment Credential Phishing Page via cmattayerscom This template offers the visitor a sum of money as “financial aid” as part of the overall COVID-19 relief program. The above example is part of a template found on a site with URL that included COVID-19 related keywords.
For purposes of comparison we have included a screenshot of the CDC website with the graphic that the malicious template copied and the digital certificate highlighted to demonstrate its authenticity in Figure 4.įigure 4 Legitimate CDC Website Showing Graphicįigure 5 Spoofed IRS Landing Page for Financial Aid via cmattayerscom It’s notable that at the time of our research, this template has directly copied the coronavirus graphic that is present on the legitimate CDC website ( ).
How to create phishing page for yahoo password#
This template asks the visitor for their email address and password so that they can receive a “Vaccine ID.” In Figure 3 you can see that the modal box asking for credentials includes logos for Microsoft Outlook, Google Gmail, Microsoft Office 365, Yahoo!, and AOL, making this a broad web email credential phishing template repurposed for this theme. The above example is a credential phishing template that is designed to spoof the legitimate site of the United States Centers for Disease Control (CDC). United States Centers for Disease Controlįigure 3: Spoofed CDC Branded Credential Phishing Template via cdcgovcoronavirussecureservershorttermrentalorg This sample is particularly notable because it represents the first example of a COVID-19 specific credential phishing template that we saw on February 6, 2020. In this case, the malicious template is designed to obtain a visitor’s username and password, ostensibly so they can gain access to information about COVID-19 safety measures. It copies the WHO logo and color scheme and is designed to be used as part of a credential phishing campaign. The above example is a template designed to copy the look and feel of the legitimate WHO site ( ). The peak in March and subsequent drop off in April likely reflects a combination of saturation for COVID-19 payment theme phishing templates and a move towards other COVID-19 themes as many one-time payments were disbursed.įigure 1: Rise of COVID-19 Themed Phishing Landing Pages (January - April 2020)įigure 2: Spoofed WHO-branded Credential Phishing Template via wastewatertreatmentconz In this chart, you can see a slow growth that significantly jumped at the beginning of March 2020 and then began to drop off in April 2020. The recent move to create custom COVID-19 payment phishing templates indicates that buyers view them as effective enough to warrant custom tactics to harvest credentials.īelow in figure 1 we’ve captured the sudden growth in COVID-19 phishing landing page deployments, starting in March 2020. Many of these templates feature multiple pages, further adding to the quality of the deception.Ĭredential phishing attackers often tailor their email lures with themes they believe will be the most effective and use general websites for actual credential harvesting. Below are recent template examples, which make it easy for threat actors to quickly create high-quality, malicious web domains to insert into their COVID-19 phishing campaigns. Over the last two months we observed a surge in the creation of COVID-19-themed credential phishing website templates that mimic the brands of numerous governments and trusted non-governmental organizations (NGOs) including the World Health Organization (WHO), Internal Revenue Service (IRS), Centers for Disease Control (CDC), the United Kingdom government, the government of Canada, and the government of France.Įasily more than half of the 300+ COVID-19 phishing campaigns we’ve observed since January 2020 are focused on capturing user credentials. Threat actors are continuing to try and take advantage of people worldwide as the pandemic continues-and most recently their efforts have included using fake websites, associated with COVID-19 financial assistance, to steal credentials.
0 kommentar(er)
