BIBD COVID-19 Relief Fund Phishing Scam

BruCERT has received reports of a phishing email that claims to be from "BIBD Bank Darussalam Brunei" offering a COVID-19 relief fund to its customers.

The email includes a link which appears to be the official BIBD website, www.bibd.com.bn. However, hovering over the link reveals that it directs the user to a malicious URL:
https://artem725shiola.com/arte/won/kmlj/mem/login/index.php

Testing by researchers has found that the link runs malicious activity in the system background that attempts to steal credentials and other personal information.

IMPACT

  •     Clicking on the link will direct the user to a phishing site which may embed malware on the user's device
  •     Personal information and credentials can be stolen and compromised
  •     Leakage of data
  •     Identity theft

RECOMMENDATIONS

  •     Check whether the sender's email address matches who they claim to be.
  •     Verify the message by contacting the organization directly. Reputable financial institutions will never ask for personal or financial information via email or unofficial communication channels.
  •     If you receive a fraudulent email, report it to the affected organization.
  •     Never provide your personal or financial information unless you are sure who you are communicating with.
  •     If an email contains a link, inspect it closely before you click. Hover over the link and view the URL. Do not click on any suspicious links.
  •     Do not open any attachments found in suspicious emails.
  •     Do not forward an email message if you are unsure of its legitimacy.
  •     Refer to official sources for information on COVID-19 funds and charities.
  •     Install antivirus software and set it to update automatically.
  •     Consider blocking file attachments associated with malware, such as .dll, .exe and .zip files which cannot be scanned by an antivirus program.
  •     Exercise good cyber hygiene and safe online practices.