White House Phishing Scam pretends to be President Trump/Vice President Pence

A recent report from security firm Inky describes new phishing scams that purport to come from the White House. In normal times, these scams might be just a curiosity. In today’s strange times, enough people seem to be applying too little scrutiny for the scams to find their targets.

Russian

In addition to appearing sufficiently authoritative to con many of their targets, these original phishing scams are firmly blamed by Inky on ‘Russian hackers’.

‘White House guidance’

A new phishing scam appears to come from the White House & has the signature of President Donald Trump.

The phishing scam email appears to come from a phoney White House official, making use of a totally false return email address. Inky’s published example was from one “Valentina Robinson”; there is no known public official named this.

Quarantine

This email is full of grammatical mistakes, with a title announcing, “The White House Instruction for Coronavirus.” It also starts by stating “the quarantine will be prolonged until August 2020”; there is no current Federal Quarantine Order, just recommendations that States & localities opt to follow as needed. It also falsely says that the US Federal tax filing deadline has now been extended to Aug. 15, but the real extension is only to July 15.

Grammar

Grammar, structure & fact errors are sufficient to flag that this is a likely phishing scam. However, it might appear just plausible for those readers who trust the validity of the return address, & then race through the email & go straight to the link.

The link actually leads to a much more believable copy of the ‘official’ White House Coronavirus information site. When the person then clicks on the “download and read full document” link, they’re then sent a Microsoft Word file that goes on to launch malicious macros when the “editing” and “content” features are enabled. Macros will then try to download the malware that goes on to steal personal information out of the system.
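The two tells described above, a sender address outside the real White House domain & a link that leads to a copy of the site, can be checked mechanically. The following is an added example, not code from Inky or from this article; the sample message is constructed and the example.net hosts are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

OFFICIAL = "whitehouse.gov"
CLAIM = re.compile(r"white\s*house", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample; example.net hosts are placeholders, not from the report.
SAMPLE = """\
From: "The White House" <valentina.robinson@mail.example.net>
Subject: The White House Instruction for Coronavirus
Content-Type: text/plain

Read the guidance: http://whitehouse.gov.example.net/coronavirus
Official site: https://www.whitehouse.gov/
"""

def host_is_official(host):
    """True only for whitehouse.gov or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    # Match on a label boundary so fakewhitehouse.gov and
    # whitehouse.gov.example.net are both rejected.
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def triage(raw):
    """Return findings for a message that presents itself as the White House."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    if not CLAIM.search(name + " " + msg.get("Subject", "")):
        return []  # no White House claim, nothing to compare against
    findings = []
    sender_host = addr.rpartition("@")[2].lower()
    if not host_is_official(sender_host):
        findings.append(f"sender domain is {sender_host}, not {OFFICIAL}")
    text = " ".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    for url in URL.findall(text):
        host = urlparse(url).hostname
        if not host_is_official(host):
            findings.append(f"link goes to {host}, not {OFFICIAL}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A forged From header that uses the real domain would pass this check, so it complements SPF, DKIM and DMARC verification rather than replacing it.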

Phishing email

Another similar phishing email, which is also probably from the same attackers, attempts to trick users into downloading the malicious document by referring to ‘new developments to slow down the spread of the Coronavirus.’

Bribe

Perhaps related is a comparable White House phishing scam in which Vice President Mike Pence appears to be attempting to ‘solicit a bribe’ from the readers. Targeting companies, it claims that Pence had just left a security meeting about their business & asks for a Bitcoin ‘bribe’ in order to not bring charges of human trafficking & drug dealing!

Whilst these attempts at extortion-type scams might seem very crude under normal circumstances, they are assisted in part by a White House that issues information that is sometimes ‘confusing, contradictory or incomplete’. People who are anxious & lacking good guidance are obviously more likely to be lured into a phishing scam when it looks official.

Erich Kron, who is Security Awareness Advocate for KnowBe4, observes that bad conditions can cause people to make otherwise inexplicable mistakes:

Mike Pence

“In the case of the emails purportedly sent from Mike Pence to business owners, this is also an attack on emotions, as many business owners are currently under stress either because their sales are down, or in some cases because they are busier than they ever have been depending on the industry. In both of these cases, there are glaring grammar & spelling errors. When placed under stress, people may not notice these. This is why it’s so important whenever an email, text message, or even phone call causes an emotional response, to step back for a moment, take a breath and look very critically at the situation. Attackers will use our emotions to bypass critical thinking.”

The golden age of the phishing scams

Phishing scam attempts are hugely up at present because of Coronavirus measures, with much of the world now spending its time online & working from home computers that often have far less in the way of security than corporate networks do.

Conditions are engendering a ‘cyber-crime wave’; however, the phishing scams that target people’s email accounts seem to be the most common type of incursion & also seem to be having the biggest growth in their success rates.

Templates

The Inky report also suggests that the recent phishing scams are making use of templates that are based on a similar body text, a technique the company refers to as “Coronaphish.” The inference, therefore, is that opportunistic criminals will use the relatively cheap ‘pre-fab phishing kits’ (on the dark web for as little as $20), & that many attacks are from relatively unsophisticated players.

It’s possible the group linked to the FSB is actually behind the White House phishing emails. However, it doesn’t seem likely that these are govt-backed hackers because of their crudeness & obvious mistakes.

Criminals 

Petty criminals in Russia are ‘unofficially’ allowed a little freedom to hack for profit & run phishing campaigns, as long as they keep their activities outside of Russia’s borders, & don’t cause any difficulties for the govt!

Paul Bischoff, privacy advocate with Comparitech, suggests that even a more complex White House phishing scam should in theory be quite easy to identify: “The US Federal Govt. doesn’t make unsolicited contact via email, so disregard any emails purporting to be from the White House or other govt departments. Never click on links or attachments in unsolicited emails.”

The US Govt makes briefings like these through its websites, holds regular presentations on TV, & relies on media coverage to convey information to the general public.

Trusted paths

Chris Clements, VP of Solutions Architecture for Cerberus Sentinel, suggests there is a very simple way to defeat any phishing scam attempt that is based on mimicking a known organisation or person: “Now more than ever consumers should utilise “trusted paths” such as going to those organisations’ websites directly rather than clicking a link or opening an attachment in an email to access important information about the pandemic.”

So, beware of that personal e-mail from the White House!
