Google finds Indian hack-for-hire firms exploiting coronavirus fears via spearphishing schemes


Shannon Vavra

Hack-for-hire firms in India have been impersonating the World Health Organization in credential-stealing spearphishing email campaigns, Google’s Threat Analysis Group said Wednesday.

The hack-for-hire campaign, which has targeted healthcare companies, consulting firms, and financial services entities primarily in the U.S., Slovenia, Canada, Iran, Bahrain, and Cyprus, uses Gmail accounts imitating the WHO to direct victims to lookalike WHO websites. From there, victims are urged to sign up for healthcare alerts related to the coronavirus pandemic, according to Google. When signing up, however, users are prompted to reveal their...

Get the Morning Update

Thanks for subscribing!