Coronavirus-themed attack: Experts uncovered flight refund scam

Experts at email security firm Mimecast has uncovered a flight refund scam that attempts to exploit the ongoing coronavirus outbreak.

Researchers at email security firm Mimecast have uncovered a new flight refund scam that attempts to exploit the ongoing Coronavirus outbreak.

The campaign is simple as effective, scammers attempt to target individuals that are waiting for refunds from airlines that deleted the flights due to Coronavirus shutdown.

The malspam messages include a fake flight refund form and instruct targets to fill them providing their names and credit card details. Using this trick, cybercriminals could collect personal and financial information and use them to carry out a broad range of malicious activities. Data gathered with this fraud scheme could be also offered for sale on the Dark Web.

Below an email Mimecast has shared with El Reg, the campaign was discovered as part of routine monitoring.

“Because there’s so much talk in the media about flight cancellations and refunds, criminals have switched those kind of tactics to phishing emails,” Kiri Addison, Mimecast head data scientist for threat intelligence & overwatch, told El Ref.

“They can see all the personal information: phone numbers, email addresses, credit card payment card details, anything they can use themselves, anything they can sell on the dark web. [It’s] stuff they can use for future phishing attacks too.”

Operators behind malspam campaigns always attempt to exploit the interest of the people on specific topics, and the Coronavirus outbreak represents an exceptional opportunity for scammers.

Recently, many security firms have reported numerous Coronavirus-themed attacks.

Experts pointed out that victims of this kind of attack could fall for similar scams in the future.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – flight scam, Coronavirus)

[adrotate banner=”5″]

[adrotate banner=”13″]