CoVID phish

rslade · ‎05-09-2020

So, I got the following message via text/SMS on my phone:

------- Forwarded message follows -------

(Notification - ALERT ) Dear client, ScotiaBank is working with the
Government to make the Emergency C0VID-19 Benefits deposits easier. To
complete your Benefit demand. Please visit now :
www.Scotia-0nline-C0VID19.com

------- End of forwarded message -------

I do have an account with Scotia, but I have not had texts from Scotia and I
do not recognize the domain. So, being a Professional Paranoiac of the first water, I did a domain lookup.

scotia-online-covid19 doesn't exist.

But, being as paranoid as I am, I noticed that O (capital letter "o") and 0 (digit zero) look the same.

And, voila! scotia-0nline-c0vid19.com *does* exist!

(I'd advise not going anywhere near it.)

(Anybody got a good contact in the RCMP?)

Checking server [whois.namecheap.com]
Results:
Domain name: scotia-0nline-c0vid19.com
Registry Domain ID: 2522352593_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2020-05-05T16:00:37.00Z
Registrar Registration Expiration Date: 2021-05-05T16:00:37.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code:
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email: 8f0531d561474bf89efed2888272ca61.protect@whoisguard.com
Registry Admin ID:
Admin Name: WhoisGuard Protected
Admin Organization: WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin City: Panama
Admin State/Province: Panama
Admin Postal Code:
Admin Country: PA
Admin Phone: +507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email: 8f0531d561474bf89efed2888272ca61.protect@whoisguard.com
Registry Tech ID:
Tech Name: WhoisGuard Protected
Tech Organization: WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech City: Panama
Tech State/Province: Panama
Tech Postal Code:
Tech Country: PA
Tech Phone: +507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email: 8f0531d561474bf89efed2888272ca61.protect@whoisguard.com
Name Server: dns1.namecheaphosting.com
Name Server: dns2.namecheaphosting.com
DNSSEC: unsigned

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

AB19 · ‎05-10-2020

can i share this ?

dcontesti · ‎05-11-2020

Thanks for sharing.

I would be nice if banks would put up disclaimers about these types of scams. I got a note from TD and I ignored it as I don't deal with them.

Recently read an article which stated that Canadians have lost $1.2Million dollars to scammers related to Covid-19 phishing. I share this article with Seniors (who seem to be the most susceptible)

https://www.cbc.ca/news/technology/phishing-messages-surge-coronavirus-1.5513315

d

AB19 · ‎05-11-2020

I hear you. they should be proactive .