A new phishing scam involving fake emails claiming to be from the Vienna, Va.-based Navy Federal Credit Union ($125 billion in assets, 9.1 million members) is targeting victims to steal their credentials, according to the email security company Abnormal Security.
The attack has been taking advantage of the economic crisis spurred by COVID-19, where individuals are relying on stimulus checks and the Paycheck Protection Program to survive.
According to the Abnormal Security announcement:
“The email sent by the attackers claims to be from the US Navy Federal Credit Union, and states that the user has received $1,100 dollars due to the COVID-19 pandemic. The message claims that if the user has not received funds, they must validate their account with the link provided, which directs them to a phishing credentials webpage.”
The “payload” consists of a link to a fake login page hosted at a URL that is not associated with Navy Federal, but has a landing page that appears similar to the legitimate Navy Federal login page, the company said.
Victims who follow the link and enter their login details on the fake page hand their Navy Federal credentials to the attackers, leaving their accounts exposed.
“This poses a great risk of financial loss associated with this financial institution,” Abnormal said.
NFCU’s Chip Kohlweiler, vice president of security, said in a statement: “We’re aware of the various ways fraudsters try to steal information, and our team is constantly taking steps to protect our members’ information and accounts. In addition, we regularly provide our members with tips on how they can avoid phishing scams. We encourage everyone to be wary of unsolicited messages and to follow best practices when it comes to email security.”
The company also said that the scam is effective because of the hidden URL it employs and the timing.
“The URL where the landing page was hosted was clearly not the real website hosted by the Navy Federal Credit Union. The attacker purposely masks the link with text, and hopes that the appearance of the landing page will convince the victim of its validity,” Abnormal said.
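The masking described above, where a link's visible text reads like the bank's address while the href points somewhere else, is something a mail filter can check mechanically. The following is an added example, not code from Abnormal Security, Navy Federal or the original report: it parses an HTML message body, pairs each anchor's href with its visible text, and flags anchors whose displayed domain differs from the real destination, or whose text names the brand while the href leaves the brand's domains. The allowlist of legitimate domains, the brand keywords and the sample message are all constructed assumptions for the demonstration.

```python
"""Flag HTML e-mail links whose visible text hides where the href really goes.

Added example (not Abnormal Security's or Navy Federal's code). The allowlist,
brand keywords and sample message below are constructed stand-ins.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: registrable domains the brand is assumed to use.
LEGIT_DOMAINS = {"navyfederal.org"}
# Constructed brand keywords: link text containing these should point at LEGIT_DOMAINS.
BRAND_KEYWORDS = ("navy federal", "navyfederal")
# Matches a bare or http(s)-prefixed domain inside link text.
URL_LIKE = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}", re.I)


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse whitespace so multi-line anchor text compares cleanly.
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_of(url):
    """Hostname of an http(s) URL or bare domain; '' for mailto:, tel:, etc."""
    url = url.strip()
    scheme = re.match(r"^([a-z][a-z0-9+-]*):", url, re.I)
    if scheme and scheme.group(1).lower() not in ("http", "https"):
        return ""
    if url.startswith("//"):
        url = "http:" + url
    elif "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable_domain(host):
    """Last two labels of a host. Naive (wrong for ccTLDs such as co.uk) but
    adequate for comparing .org/.com brand domains in this example."""
    parts = host.rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def suspicious_links(html, legit_domains=LEGIT_DOMAINS, brand_keywords=BRAND_KEYWORDS):
    """Return links whose text-vs-href relationship signals a masked URL."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        href_domain = registrable_domain(host_of(href))
        if not href_domain:
            continue  # nothing to compare for mailto:, page anchors, etc.
        reasons = []
        # Rule 1: the visible text is itself a URL/domain that differs from the href.
        shown = URL_LIKE.search(text)
        if shown:
            shown_domain = registrable_domain(host_of(shown.group(0)))
            if shown_domain and shown_domain != href_domain:
                reasons.append(f"display text shows {shown_domain} but href goes to {href_domain}")
        # Rule 2: the text invokes the brand while the href leaves the brand's domains.
        if any(k in text.lower() for k in brand_keywords) and href_domain not in legit_domains:
            reasons.append(f"brand name in link text but href domain {href_domain} is not allowlisted")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample in the shape the report describes: a relief-payment lure
# with a "validate your account" link whose text is a legitimate-looking URL.
SAMPLE_EMAIL = """
<p>You have received $1,100 due to the COVID-19 pandemic.</p>
<p>If you have not received funds, validate your account at
<a href="http://account-verify-example.test/nfcu/login">https://www.navyfederal.org/login</a>.</p>
<p>Questions? Visit <a href="https://www.navyfederal.org/security">Navy Federal Security Center</a>
or <a href="http://nfcu-secure-portal.example/validate">Navy Federal Credit Union</a>.</p>
<p><a href="mailto:help@example.test">Contact support</a></p>
"""

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL):
        print(finding["href"], "<-", repr(finding["text"]))
        for reason in finding["reasons"]:
            print("   ", reason)
```

Run against the constructed sample, the first anchor is flagged by both rules (its text shows navyfederal.org while the href goes to a different domain) and the third by the brand rule alone; the genuine navyfederal.org link and the mailto: link pass. The registrable-domain helper is deliberately simple; a production filter would use a public-suffix list so that multi-label TLDs compare correctly.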
“Given the current pandemic, some individuals would still have been waiting to receive their stimulus check from the government. In the case that the user has not yet received their relief funds, they may be more inclined to believe this email,” Abnormal added.
Abnormal also said the scammers use vague language to trip up victims.
“The email body itself is vague and contains no personalization. This is a common tactic used by attackers to mass send this campaign, in order to hide who else was affected by this attack, as well as expand their net of targets,” Abnormal said.