Phishing for Covid19
moses.aboiyar / 29.03.2020

Phishing for the Coronavirus

As the coronavirus sweeps through the world, some have gone phishing, hoping to gather sensitive data like login information and banking details, or simply to drive redirects and clicks to advertising they are running. The advertisers depend on people sharing their links on platforms like WhatsApp, mostly with family members and close relatives.

More information about the virus in Nigeria can be found from the Nigerian Centre for Disease Control (NCDC) on a dedicated page for the virus, https://covid19.ncdc.gov.ng. Also follow them on Twitter @NCDCgov to get live updates.

We will talk about fraudulent websites and phishing techniques themed around the coronavirus. These websites range from government aid packages to free Netflix streaming. As with all phishing attacks, they depend on the ignorance of the intended victim. If the government has an aid package, you will hear the news from the said government agency, trusted news agencies, and from the president through a live broadcast, a statement or a tweet.

Let's take a look at examples of sites actively out there taking advantage. Some started but were quickly taken down. One was on Blogspot and was reached through a shortlink, but the shortlink provider has since taken it down. It claimed to be a registration website for a government aid of ₦8,500, using a web form that requested banking details. The danger is that the data collected can be used in a future scam: phishing attacks tailored to specific customers, in which the fraudster acts as a customer care rep, presents that information, and asks for authorising information like passwords and PINs.

Then there are the netflix-usa guys. They put out a fake Netflix website saying there is free streaming because of the coronavirus.

Fake Netflix website

 

It is easy to observe the fake web address at the top of the image for those familiar with the Netflix website, but others would believe this is actually from Netflix. Some might see that the page is secured and believe they are safe. The certificate is from Let's Encrypt, as seen below.

Secured phishing website

 

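Because this website has a TLS certificate, many will rule it as safe, but it's not. A certificate like this only shows that the connection is encrypted and that whoever requested it controls that web address; it says nothing about who they are. Let's compare it with the actual Netflix website.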

Actual Netflix website

 

And its certificate is issued by DigiCert.

Netflix secured

 

The fake Netflix website can be used for two purposes: to get Netflix users' login information and to go viral for pop-up ads.

It is very important to stay safe and indoors, which includes being safe from fraudsters on the internet. If it doesn't sound true, it's not; verify every piece of information before believing it.

There could be more sites out there like the fake Netflix site. Verify the certificate and web address; a little time spent on research saves a lot of loss. Also watch out for fake treatments, testing and prevention measures.
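The web-address check advised above can be automated before a shared link is opened. The following Python code is an added example, not part of the original post; the official-domain list and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: each brand's official registrable domains.
OFFICIAL = {"netflix": ("netflix.com",)}

def hostname_of(url):
    """Lower-cased hostname of a URL; tolerates a missing scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def classify(url):
    """Return (verdict, brand); verdict is official, lookalike or unrelated.

    The scheme is deliberately ignored: https only shows the connection is
    encrypted, not who runs the site.
    """
    host = hostname_of(url)
    # Collapse separators so 'net-flix' still matches the brand keyword.
    squashed = host.replace("-", "").replace(".", "")
    for brand, domains in OFFICIAL.items():
        # Match on a label boundary so 'notnetflix.com' is not accepted.
        if any(host == d or host.endswith("." + d) for d in domains):
            return "official", brand
        if brand in squashed:
            return "lookalike", brand
    return "unrelated", None

# Constructed sample links (not taken from the article).
SAMPLES = [
    "https://www.netflix.com/login",
    "https://netflix-usa.example/free",
    "https://netflix.com.free-stream.example/",
    "http://net-flix.example",
    "https://covid19.ncdc.gov.ng",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify(link), link)
```

A "lookalike" verdict means the brand name appears in an address the brand does not own, which is the pattern the fake Netflix site relied on.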

Wash your hands with soap, avoid touching your face, don't share phones or eating utensils. Stay home and stay safe.

If you come across a phishing or fraudulent website, sensitise your contacts, because they might not be aware, and report it immediately. Remember there is no successful fraud without your help.