A cybercrime gang focused on Business Email Compromise (BEC) has started using coronavirus-themed scam emails in its attacks.
Most of the attacks aimed at spreading malware to control victims’ computers and stealing sensitive data, but now a cybercrime gang, tracked as Ancient Tortoise, is launching BEC attacks taking advantage of the COVID-19 outbreak.
According to a report shared by Agari Cyber Intelligence Division (ACID) researchers with BleepingComputer, crooks are launching Coronavirus-themed BEC attacks.
The researchers received a coronavirus-themed scam email that attempted to trick victims into using a different bank account for the payment due to the COVID-19 outbreak.
“Due to the news of the Corona-virus disease (COVID-19) we are changing banks and sending payments directly to our factory for payments, so please let me know total payment ready to be made so i can forward you our updated payment information,” reads the scam email.
The Ancient Tortoise’s BEC message includes details of a Hong Kong mule account and instructs victims to send the money to it.
Researchers noticed that it took about three weeks for the attackers to send the coronavirus-themed scam email after they have initially established a contact with them.
“It took about three weeks for the attackers to send the coronavirus-themed scam email after their initial contact with the researchers, between February 17th when the request for an aging report landed in Agari’s inboxes and March 9th when they launched the final attack on the fake vendor.” reported BleepingComputer.
To defend against BEC attacks, Agari experts recommend vendors and suppliers to implement strong email authentication and anti-phishing email protections.
Any organization that has regularly pay external suppliers is recommended to set up a formal process for handling outgoing payments, especially when some changes are reported in the normal payment procedure (i.e. A change of the bank account).