BruCERT has received reports of a phishing email that claims to be from "BIBD Bank Darussalam Brunei" offering a COVID-19 relief fund to its customers.
The email includes a link which appears to be the official BIBD website www.bibd.com.bn however, hovering over the link reveals that it directs the user to a malicious URL :
https://artem725shiola.com/arte/won/kmlj/mem/login/index.php
Testing by researchers has found that the link is able to run malicious activities which attempts to steal credentials and other personal information in the system background.
IMPACT
- Clicking on the link will direct the user to a phishing site which may embed malware on the user's device
- Personal information and credentials can be stolen and compromised
- Leakage of data
- Identity theft
RECOMMENDATIONS
- Check whether the sender's email address matches with who they claim to be.
- Verify the message by contacting the organization directly. Reputable financial institutions will never ask for personal or financial information via email or unofficial communication channels.
- If you receive a fraudulent email, report it to the affected organization.
- Never provide your personal or financial information unless you are sure who you are communicating with.
- If an email contains a link, inspect it closely before you click. Hover over the link and view the URL. Do not click on any suspicious links.
- Do not open any attachments found in suspicious emails.
- Do not forward an email message if you are unsure of its legitimacy.
- Refer to official sources for information on COVID-19 funds and charities.
- Install antivirus and update it automatically.
- Consider blocking file attachments associated with malware such as .dll and .exe and .zip files which cannot be scanned by an antivirus program.
- Exercise good cyber hygiene and safe online practices.