New phishing scams impersonating President Trump and Vice President Pence are designed to install malware or be the start of an extortion scam.
Nothing beats taking advantage of a pandemic to start yet another phishing scam. This time, according to anti-phishing vendor Inky , new scams purporting to come from the White House are being seen in the wild.
At a time when most Americans have both experienced and accepted the emergency alert system that allows texts from the President to be sent to every mobile phone, seeing an email from the President or Vice President doesn’t entirely seem to far-fetched.
According to Inky, new phishing scams are using the pandemic to trick victims into clicking on malicious links. As shown in the example below, emails contain “Coronavirus Guidelines for America.” Sounds important enough that some will fall for this scam.
Oddly enough, scammers are attempting to extort money from organizations using an email pretending to be VP Mike Pence:
Source: Bleeping Computer
I can’t fathom how anyone would think Mike Pence would bother to send a poorly-written email (e.g., “The Vice President of the united states”), but people are gullible and often don’t pay attention to telltale signs like this that indicate it’s a scam.
Individuals and organizations alike need to be mindful that scams use any opportunity to establish credibility (in this case, using the White House) as a means to convince you the email is legitimate, its contents read, and its attachments or links clicked. Organizations can protect themselves using Security Awareness Training to change user’s thinking about how they approach email and web content with a vigilant mindset that has just a bit of suspicion always in place. This vigilant state helps users spot obvious signs such as the poor writing and incorrect email address and know it’s a scam before they fall for it.
Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.