As the pandemic continues to impact the world, hackers are making headway on new phishing schemes that leverage users’ fears, doubt, and uncertainty around COVID-19. New research from KnowBe4 has revealed that coronavirus-related phishing emails remained the most promising attack type during the third-quarter of 2020 and will continue to foray into the last quarter.
Email subject lines used in the wild
According to KnowBe4, the following email subject lines based around COVID-19 were popular among threat actors:
- Payroll Deduction Form
- Please review the leave law requirements
- Password Check Required Immediately
- Required to read or complete: “COVID-19 Safety Policy”
- COVID-19 Remote Work Policy Update
- Vacation Policy Update
- Scheduled Server Maintenance -- No Internet Access
- Your team shared the "COVID 19 Amendment and Emergency leave pay policy" with you via OneDrive
- Official Quarantine Notice
- COVID-19: Return To Work Guidelines and Requirements
A sneak peek into recent phishing trends
- Armorblox spotted a new credential phishing campaign that exploited the IRS, coronavirus, and SharePoint to trick users. The email promised an important update on the recipient’s COVID-19 relief funds to be disbursed to the person’s address. Instead, it was used to spread the personal information of users.
- Towards the end of September, scammers leveraged the recent COVID-19 financial grant announced by Facebook as bait to steal users’ identity. In this attempt, a fake CNBC news was used to post the announcement.
- In mid-September, U.K business owners were targeted in a new phishing scam that impersonated Her Majesty’s Revenue and Customs (HMRC) and informed victims about the new updates on COVID-19 tax relief.
Besides phishing, the pandemic became a popular channel to spread malware. In an incident, cybercrooks had used the ‘U.S. President testing positive for COVID-19’ theme to distribute BazarLoader malware.
Since the beginning of 2020, the pandemic has opened a variety of opportunities for new and unique espionage attacks. The year, moreover, witnessed a spike in attacks from state-sponsored actors in a bid to steal vaccine development research. At a time when ransomware kits are sold on the dark web, hackers leveraging COVID-19 for malicious activities have become even more concerning.