Cybercriminals committing Phishing attacks have begun to take advantage of the new mutation of COVID-19, Omicron, and use it as a lure to get the attention of their victims.
It is very common for threat carriers to take advantage of current affairs. Especially, the COVID-19 is the perfect bait, as it has been the main topic of discussion around the world for about two years. In addition, it is a condition that causes fear to many people, and this is one key to a successful phishing attack. When people are in a panic, they are more likely to rush to open an email without first thinking about it.
Carriers of phishing attacks are now exploiting the Omicron mutation, the appearance of which has caused concern due to fears of high transmissibility as well as possible ineffectiveness of vaccines. At this stage, scientists are trying to see how serious this new mutation is and people are watching developments.
Criminals exploit this disorder and target users with phishing attacks.
COVID-19, Omicron: Phishing campaign targets the UK
The United Kingdom Consumer Protection Agency "Which?”Published two samples of phishing emails, which supposed to come from the National Health Service (NHS) of the United Kingdom and warn recipients of the new Omicron variant.
These emails say that the Service offers one free Omicron PCR test. To make emails look legitimate, hackers use malicious email addresses to distribute firstname.lastname@example.org".
If the recipient clicks the built-in button “Get it now”Or click on URL that exists in the email, will be transferred to one fake NHS site.
The victims are then called upon to give it their full name, date of birth, home address, mobile phone number and email address.
End, are required to pay 1,24 1,65 ($ XNUMX), an amount that is supposed to cover the cost of delivering the test results.
The purpose of the phishing campaign is not to steal the amount itself, but the victim's payment details, such as e-banking credentials or credit card details.
During this step, the victim is also asked to enter his or her mother's name, which criminals could use to bypass security questions during a subsequent account takeover attempt.
Source: Bleeping Computer