Malicious threat actors who conduct phishing attacks have immediately taken advantage of the COVID-19 Omicron variant’s discovery for their cyber-espionage campaigns. The Omicron variant is being exploited and used as bait by phishing actors to lure unaware targets via malicious email spams.
The threat actors instigate fear in their targets by making them panic. These victims will open the malicious emails since most people will not think twice about gathering information about the new COVID-19 variant.
The Omicron variant is the most recently discovered strain of COVID-19 and scientists claim that its mutation made the variant more transmissible and potent against available vaccines. This information enabled threat actors to send phishing emails to their victims since any known details regarding this new variant can be considered valuable.
According to recent reports, the UK’s consumer protection organisation disclosed two samples of new phishing emails that spoof the UK NHS (National Health Service) warning regarding the COVID-19 Omicron variant.
The phishing emails offer the victims free Omicron tests that will supposedly aid the recipients to have an exemption to various restrictions. To add legitimacy, the malicious address utilised by the phishing operators for spreading their emails is named ‘[email protected].’
If the target presses the attached button that says, “Get it now,” they will be redirected to a fake NHS website that claims to offer the Omicron variant free testing. After the targets are redirected to the fake site, they will be instructed to enter their full names, date of births, permanent addresses, phone numbers, and email addresses.
When completed, the targets will be asked by the phishing actors to complete a payment transaction of £1.24, which they will allegedly use to pay for the delivery charge that will carry their test results.
However, the purpose of the small amount of payment is only to collect the mobile banking data and credit card information from the targets who will take the bait. The threat actors will also request the targets to input their mother’s full name, which they will then use in an attempt to take over their bank accounts.
Phishing threat actors will use any trend to get a meaningful advantage in upgrading their methods. So, people need to be more cautious about unwanted emails that come out of nowhere. If ever you have encountered these emails, make sure they are legit and trustworthy.
