Image

Texts Demand You Take a "Mandatory" Online COVID-19 Test
The Better Business Bureau (BBB) received reports of individuals posing as employees of the U.S. Department of Health and Human Services (HHS) or another U.S. government department. Using SMS text messages, these malicious actors instructed recipients to click on a link for the purpose of completing a "mandatory online COVID-19 test." There's just one problem: there's no way of testing someone for COVID-19 online. With that said, the link used in this scam likely directed recipients to a fake web portal designed to steal their personal, financial and/or medical information. Attackers could have then monetized that data on the dark web or leveraged it to conduct secondary attacks.You're Infected...by Malicious Macros
Not dissimilar from the ploy described above, a scam detected by KnowBe4 used attack emails to warn recipients that they had come into contact with a "colleague/friend/family member" who has COVID-19. The email then instructed them to download and print an Excel spreadsheet so that they could bring it with them to the nearest coronavirus testing site.Image

Remcos RAT Masquerades as U.S. Small Business Association
Researchers at IBM X-Force recently detected an attack campaign that sent out emails disguised as official correspondence from the U.S. Small Business Association (SBA). The emails claimed to provide recipients with an application number with which they could apply for a "small business disaster assistance grant." All they needed to do was to sign an attached document allegedly authorizing a request for a tax return transcript and to upload it on SBA's website, the scammers told their recipients.Image

Zeus Sphinx Reawakens with COVID-19 Maldoc Campaign
Remcos wasn't the only trojan that attracted IBM's attention by abusing COVID-19 as a lure. On the contrary, researchers at X-Force detected another campaign whose attack emails informed recipients that Canadian Prime Minister Justin Trudeau had decided to award each Canadian who chose to stay home as a result of the coronavirus with a check of $2,500 CAD. The emails then told recipients that they could apply for one of these checks by filling out a request form.Image

Coronavirus-Themed Wiper Overwrites a Victim's MBR
Not all coronavirus-themed attack campaigns are interested in stealing their victims' information. Some just want to make sure that their victims can't access their information going forward. And what better way is there to do that than to overwrite a victim device's master boot record (MBR), information which is essential for a device to locate and therefore boot an operating system?Image

Fraudsters Using Fake Pop-up Testing Sites for Medicare Fraud
Last but not least in this week's roundup, we have a truly reprehensible scam. WDRB learned that fraudsters are creating pop-up testing sites for COVID-19. Here's an image of one that appeared at the corner on 17th and Broadway in Louisville, Kentucky.Image

Check out our other COVID-19 scam roundups below!
- COVID-19 Scam Roundup – May 11, 2020
- COVID-19 Scam Roundup – May 4, 2020
- COVID-19 Scam Roundup – April 27, 2020
- COVID-19 Scam Roundup – April 20, 2020
- COVID-19 Scam Roundup – April 14, 2020
- COVID-19 Scam Roundup – April 6, 2020
- COVID-19 Scam Roundup – March 30, 2020
- COVID-19 Scam Roundup – Week of 3/16/20