Threat Actors Adapt to the Pandemic by Unleashing New Phishing Trends

Phishing is probably one of the oldest tricks in the book of attackers but it has taken a new shape in the last six months with the COVID-19 theme. Coronavirus-related phishing attacks have spiked since the inception of the pandemic and they show no sign of stopping any time soon. Researchers have observed that emails continue to be a primary channel to activate these types of attacks. 

New worrisome trends

  • In the past two months, Bitdefender’s telemetry has flagged 42.9% of coronavirus-related emails as suspicious or malicious. 
  • Earlier, these emails either included malicious links or attachments and impersonated well-known agencies, such as the World Health Organization (WHO), to steal personal and financial data from online users.
  • However, some of the latest trends include fake updates on the evolution of the virus and malicious attachments that can infect recipients’ devices when accessed. 
  • In addition to disguising as government agencies, scammers are now leveraging the temporary ban on importing or exporting goods and financial institutions offering COVID-19 relief funds to target users.
  • Fraudsters are also attempting to phish users in the name of fake drugs that can cure the disease within five days.
  • Other phishing campaigns that have erupted during the course of this pandemic are related to bonus reports, pandemic food distribution, office shutdowns, FedEx packages, quarantine protocols.  

Financial institutions become an active target

  • In order to fuel their malicious operations, scammers have begun targeting financial institutions on a frequent basis. 
  • Some of the banks targeted in the last two months include Standard Chartered, HSBC, World Bank, and Moneygram. 

How much is the loss? 

  • According to the Federal Trade Commission, there were as many as 22,000 consumer complaints about COVID-19-related frauds, translating into a total loss of over $22 million.
  • About £2 million (~$2.5 million) has been lost to coronavirus-related fraud in the U.K. as criminals look to cash in on the crisis. 
  • Apart from this, nearly £17 million (~$21.3 million) has been lost to online shopping frauds in the U.K. during the COVID-19 lockdown period.

Final words

For cybercriminals, the pandemic has turned into a golden opportunity to push all kinds of scams to the masses. They are using coronavirus-related scams to trick victims into opening malicious emails or links. Therefore, people should avoid clicking on links that come embedded in unsolicited emails, and should instead verify the link in a private browser. Hover over the link to check the actual source of the URL. Also, beware of email attachments with formats like SLK, IMG, EXE, ZIP, and RAR.