Many of the hack-for-hire firms, based in India, are creating accounts spoofing the World Health Organization (WHO) and targeting business leaders in consulting, financial services, and healthcare organizations in the UK, the US and Bahrain among few other countries. These hack-for-hire firms have been targeting other corporations amid the critical COVID-19 pandemic, according to a recent report by Google.
The tech giant revealed that several coronavirus-themed attacks have been discovered and confirmed by its teams because the COVID-19 pandemic has disrupted lives of people as well as businesses across the world. Giving an example of one such attack, Google said that they have seen new activity from the ‘hack-for-hire’ firms, that have been creating Gmail accounts spoofing the WHO. Many of these ‘hack-for-hire’ firms are based in India itself.
Google said in a recent blogpost that the accounts have largely targeted the business leaders in consulting, financial services, and healthcare organisation, based in many countries including the US, Canada, Slovenia, Bahrain, India, Cyprus, and the UK.
The e-mails encourage online users to sign up for the direct notifications from WHO, so as to stay informed about the COVID-19 related information. It also includes a link to the attacker-hosted websites which display a similar resemblance to the official WHO website.
The attacker websites feature fake login pages which prompt the victims to give up their personal Gmail account credentials. Occasionally, the websites also encourage individuals to reveal their personal details, such as phone numbers. Google also said that its advanced protection program (APP) makes use of hardware security keys and also provides the strongest protection against phishing, account hijackings.
Recently, Microsoft also highlighted a similar trend. According to Microsoft, cybercrooks are making use of COVID-19 to make ransomware and phishing attacks. More than 9,000 COVID-19-themed attacks were noticed in India between the period February 2 – May 2. Around 19 million such attacks were discovered in Asia.
(With inputs from agencies)