Kaspersky: Scammers exploiting Covid-19 pandemic grants
As soon as grants for COVID-19 pandemic-hit businesses were announced, scammers went phishing
Wednesday, 30 September 2020; Earlier this year, as a means of assisting businesses that have been impacted by the pandemic, Facebook announced a grant of $100 million for small businesses, according to the company’s official blog. However, Kaspersky analysis shows that just as the news was picked up by media outlets, malicious users started exploiting the bait.
Trick scammers use
The trick was simple: scammers presented the news as if Facebook was handing out money to all of the social network’s users who had been affected by COVID-19. Samples, detected by Kaspersky, indicate that potential victims viewed an article – seemingly from a prominent media outlet – claiming Facebook is giving grants to users hit by COVID-19, along with a link to apply for the grant.
The potential victims, having clicked on the ‘news’ link, were taken to another charity-related portal. Its URL does not contain facebook.com, so it clearly has nothing to do with Facebook. Nevertheless, to accept the application, the site requires a lot more information, supposedly to verify the account; such as the victim’s address, social security number (for US citizens), and even a scan of both sides of a piece of ID. When the form is submitted, the site displays a confirmation message that the application has been accepted.
While, of course, this results in no grants being given away, the collected information allows the scammers to gain access of their victims’ Facebook accounts and this can be used in a variety of malicious ways (for instance to trick a person’s friends and ask them for money) or even to steal someone’s identity.
“To stay safe from such phishing scams, you need to look carefully at the URLs of the sites that you visit. Never enter personal information on a site that seems suspicious. Also, pay attention to the grammar and layout on the web page. And, finally, be naturally wary of any forms that want personal information. These simple rules could save your personal data,” comments Vladislav Tushkanov, security expert at Kaspersky.