Yet another Coronavirus (Covid-19) phishing scam is making the rounds – here’s what we know so far:
This phishing email appears to come from ‘The Government Digital Service Team’, which to the untrained eye could look like a legitimate email from a UK Government department.
If clicked, the link within (pictured below) redirects victims to a convincing looking fake landing page, complete with government branding.
The email reads as below
You are getting a Council Tax Reduction (this used to be called Council Tax Benefit) considering you’re on a low income or get benefits.
Total amount of benefits: GBP 385.50.
The refunded amount will be transferred directly on your Debit/Credit card.
Apply now to claim the reductions made over your past two years of Council Tax payments.
[Link]
The information in this electronic e.Mail message is private and confidential, and only intended for the addressee.
Thanks
The Government Digital Service Team
Crown Copyright 2020
Unfortunately for the victims, the landing page is used to harvest user credentials instead of providing any sort of reward.
Personal information is requested by the fake page, such as names, addresses and bank details. All of which is stolen and later used for further malicious activities, such as accessing and locking victims’ accounts or selling on the dark web.
This is of course another case of social engineers praying on the hopes of those badly affected by the recent and ongoing coronavirus pandemic.
According to the cyber research team at UK think tank ‘Parliament street’, this email has been sent to hundreds of different inboxes.
The UK’s CTSI (Chartered Trading Standards Institute) Lead Officer, Katherine Hart had the following to say about the matter:
“This is yet another email scam using the coronavirus pandemic as an opportunity to target an increasingly vulnerable public. I am deeply concerned that people may fall prey to this, since many are out of work, or furloughed, and would welcome a council tax refund.”
“If anyone receives an email like this, do not click the link and report it to Action Fraud. CTSI and our partners in the consumer protection landscape are working hard to inform the public about emerging scam activity, and assist with its prevention.”
Since lockdown began, the UK’s Action Fraud reported that over £3.5 million has been stolen in Coronavirus Phishing scams from the UK public.
With many people being hit very hard financially during the pandemic, the seeming opportunity to suddenly claim back a substantial amount of money would come with great relief.
Internet users without regular and sufficient security awareness training would not think twice about this and hurry to collect their compensation.
At Phishing Tackle, we understand that as tension and stress builds, users’ susceptibility to clicking on phishing scams (their “Click-Prone” score) increases. During uncertain times such as these, money worries are common-place and people are therefore more vulnerable to attacks.
With everybody being vulnerable to cyber-attacks, protecting your organisation is a number one priority. Our professional training will mean your employees can detect and mitigate threats quickly, helping you to keep your organisation safer.
An organisation is only as strong as it’s weakest link, our training will help your weakest link become your strongest.