sb-as logo
Story image

MailGuard intercepts sinister cybercrime emails notifying users of COVID-19 “relief payment”

Cyber criminals have sent out a series of malicious emails attempting to manipulate users suffering from financial turmoil and difficulties triggered by the COVID-19 crisis.

According MailGuard, which intercepted the emails, the emails have similar titles such as See Covid19 relief payment that has been paid or BLOCKCHAIN: See Payment Approval for Covid19 Donation. The sender addresses are likely to be from compromised email accounts, with some from what appear to be a legal firm or similarly trustworthy sources such as a Christian school.
The email informs the recipient that their account has been credited for the Covid_19 donation and that the payment confirmation page is attached. A link to this page is provided, titled Promocode_fe33e, along with a PDF image.

Unsuspecting recipients who click on the link to view the page are led, not to a PDF file, but an HTML page hosted on with its background blurred.

A message appears at the front of this page, titled Account Payable Shared A File With You. A file labelled Remittance Advice is included, along with a link to download the file.

Clicking on the button titled Open currently leads to an error page.

"This is a particularly sinister scam as cybercriminals are attempting to exploit users who may be suffering from financial difficulties as a result of the economic uncertainty caused by the COVID-19, MailGuard says.

"Scammers are well-aware that many individuals and businesses are currently in desperate need of economic assistance. Cruelly, these attackers are capitalising on this hardship to steal even more from those who are already suffering."

Ways this email scam has attempted to exploit users, according to MailGuard:

  • The use of a subject line like See COVID19 relief payment that has been paid. This creates intrigue among recipients, or even excitement among those who are actually expecting financial assistance. This may motivate them to click on the link without pausing to check for the emails legitimacy.
  • The sender address implies the email is from a legal firm, Christian school or similar respected institutions. This isnt unexpected and is plausible that a notice of this nature may be sent with a COVID-19 relief notification, thereby not raising any alarm bells.

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email being a fraud, MailGuard says. These include the fact that the email does not address the recipient directly, and that the link included in the email does not actually open a PDF, as implied. Several grammatical errors like in few working days and spelling errors (Covid_19) are also red flags that this email is, in fact, not legitimate.

"The practice of launching cyberattacks that are centred around ongoing trends isn't anything new. Cybercriminals have long employed these tactics to take advantage of any disruptions and vulnerabilities in the hope that users uncertainties and fear around new changes will get better of them and they will not pause to check for the legitimacy of these emails," says MailGuard.

"Coronavirus-themed cyberattacks are designed to play with human psychology and emotions, like this one we intercepted a few weeks ago. As such, we strongly advise being extra vigilant when you receive emails such as these and lookout for any tell-tale signs that might be suspicious."

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 
Story image
SMBs seeking service providers in face of rising cyber threats
SMBs are struggling with their cybersecurity solutions, with three quarters worried about being the target of a cyberattack in the next six months, and 91% considering using or switching to a new IT service provider if offered a better option.More
Story image
Emotet malware is on a rampage after months of silence
CERT agencies around the world are reporting a surge in cyber attacks related to the Emotet malware, which is being distributed by email.More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More
Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Why it’s essential to re-write IT security for the cloud era
Key components of network security architecture for the cloud era should be built from the ground up, as opposed to being bolted on to legacy solutions built for organisations functioning only on-premises or from only managed devices.More
Story image
Evolving threat landscape top priority for security and risk leaders
"COVID-19 has proved how rapidly and how drastically such risks can change."More