Get The Latest Insights

By Jessica Ellis | March 30, 2020

Threat actors continue using COVID-19 fears to exploit individuals on a variety of channels. Today we are taking a look at two new, related SMS lures. 

We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic. 


Scotia sms


The first example is a lure we found targeting a major Canadian bank. In it, the threat actor prompts the victim to click on the link http://s4-update0{dot}.com/3/, which leads to a web site asking for banking credentials. 


Scotia sms phish-1


This phish, as well as others we identified, were tied to the email [email protected].

IP Address:


CND sms phish


The second example also targets major Canadian banks. By clicking the link, victims are led to and asked to choose their bank, as well as enter their account information. 

The lack of security filtering on our phones, plus the misguided belief that they are secure makes SMS or text messages a prime – and growing – avenue for malicious activity. Unfortunately, there are numerous issues in identifying and reporting SMS Lures. That, in addition to the ease with which we use our devices, makes this type of lure a particularly effective one. 

For more intelligence on COVID-19 threats, see our ongoing coverage.

Additional Resources: