Cyber criminals are using COVID-19 to manipulate users on Twitter and steal funds through payment applications. Our latest example demonstrates how victims are being targeted with fake credential dumps.
In the above, the threat actor claims to help individuals discover whether their passwords have been published online without their permission, for a fee. The post lists multiple payment applications for a cash deposit prior to services rendered.
There are legitimate free services online like hXXps://haveibeenpwned(dot)com/ that search publicly known credential dumps for account information. This scam is dependent on the victim being unaware of that, and as a result, paying for information that is easily accessible online or paying to receive no results at all.
Coronavirus is mentioned to add legitimacy as well as online visibility to the post. The victim can assume that because the threat actor is providing services due to the pandemic, it is either out of empathy for those affected or because account data in general may now be more prone to a breach.
If the victim submits payment through one of the cash applications, any communication between the threat actor and victim will likely cease and the money will be lost.
Recent Articles By Author
*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Jessica Ellis. Read the original post at: https://info.phishlabs.com/blog/covid-19-phishing-update-threat-actors-on-twitter-want-you-to-pay-for-your-stolen-passwords
Original post:
