How Cybercriminals Are Using COVID-19 as Phishing Opportunities

By Mailspike • May 1, 2020

Alongside the surge of the COVID-19 virus, surges in cyber threats and phishing campaigns have been felt globally, with cybercriminals evolving to take advantage of disruption and changes in online behavior.

According to a recent article published in the Washington Post, almost 25,000 email addresses and passwords from the World Health Organization (WHO), National Institutes of Health (NIH) and the Gates Foundation have been dumped online, presumably by cybercriminals who have successfully stolen confidential information through sophisticated, coronavirus-themed phishing campaigns.

While it hasn't been verified whether the data is real, the incident shows how opportunistic cyber attackers are, preying on people's fears and capitalizing on the chaos and confusion as coronavirus cases continue to rise. The surge of cyber threats and phishing campaigns has been felt globally, with cybercriminals evolving to take advantage of disruption and change in online behavior. Even INTERPOL is warning the public about the considerable number of malicious domains containing the terms "coronavirus," "corona-virus," "covid19," and "covid-19." Some intelligence teams now report the number of these coronavirus-related registered domains to be over 100,000.

With everyone shifting their focus towards the health crisis and how it is impacting their businesses, even large organizations have lowered their defenses. Citizens who are keen on staying up to date on the latest COVID-19 news have also become less guarded, opening emails and messages and clicking links without practicing basic cybersecurity.

But just how are cyber scammers and hackers using COVID-19 as a phishing opportunity? And what can you do to protect yourself?

 

Phishing Attacks Using Socially Engineered Emails 

Even the WHO is not immune. The WHO released a statement warning the public to be aware of criminals impersonating the organization through emails and WhatsApp messages. Clicking malicious links or opening attachments in these fraudulent emails and messages could allow cybercriminals to steal private information, such as names and passwords.

Phishing scams, like the one impersonating the WHO, are everywhere, taking on various forms in an attempt to get people to visit external links, pay money, or provide information that gives access to their accounts. Clicking these malicious redirects takes users to a familiar login box. Under the impression that they are on a legitimate website, they provide their credentials, not realizing they've just given cybercriminals all the information they need to gain access to their private accounts.

To lure people to visit URLs or download documents, phishing scams wear a coronavirus-themed disguise. The email subjects are compelling as they promise to deliver COVID-19-related updates or protection. The emails also look like they come from trustworthy sources, like government and health agencies, complete with the organization's logo, branding, and signatures, and their content promises to deliver important data, such as COVID-19 infection maps or case statistics. 

These emails have been known to slip past secure email gateways (SEGs) and evade detection by advanced threat protections (ATPs) by impersonating well-known domains and spoofing IP addresses. This was the case in phishing campaigns targeting Microsoft Office 365.
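As an added example (not from the original article or from Anubis Networks), the sketch below triages a message with two checks drawn from this section: a sender whose display name claims a health agency while the address belongs to another domain, and links whose hostname contains one of the four terms INTERPOL listed. The brand map, the link allowlist and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Terms INTERPOL reported in malicious domain names (from the article).
COVID_TERMS = ("coronavirus", "corona-virus", "covid19", "covid-19")
# Assumption: display-name keyword -> domains allowed to send under that name.
BRAND_DOMAINS = {"world health organization": {"who.int"}, "who": {"who.int"}}
TRUSTED_LINK_DOMAINS = {"who.int"}  # assumption: local allowlist
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def _under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    return any(host == d or host.endswith("." + d) for d in domains)

def _text_parts(msg):
    """Yield the decoded text of every text/* part of the message."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            yield raw.decode(part.get_content_charset() or "utf-8", "replace")

def triage(raw_message):
    """Return (finding, host) tuples for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        claimed = re.search(rf"\b{re.escape(brand)}\b", display.lower())
        if claimed and not _under(sender_host, domains):
            findings.append(("sender-impersonation", sender_host))
            break
    for text in _text_parts(msg):
        for url in URL_RE.findall(text):
            host = (urlsplit(url).hostname or "").lower()
            # Match the hostname only: a trusted site may use the terms in a path.
            if not _under(host, TRUSTED_LINK_DOMAINS) and any(t in host for t in COVID_TERMS):
                findings.append(("covid-themed-host", host))
    return findings

# Constructed sample messages (not real traffic).
PHISH = ('From: "World Health Organization" <updates@who-covid19-alerts.example>\n'
         "Subject: COVID-19 infection map\n\n"
         "View the map: http://covid-19-map.example/login\n"
         "Official site: https://www.who.int/emergencies\n")
LEGIT = ('From: "WHO" <news@who.int>\nSubject: Update\n\n'
         "Read more: https://www.who.int/covid-19\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage(raw))
```

Keyword and display-name matching is a triage signal to combine with sender authentication results, not a verdict on its own.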

 

COVID-19 vs. Cybersecurity: Protecting Yourself from Phishing Scams 

With more people working from home, cybercriminals will try to take advantage of workers accessing their company information using their home networks. Hoping people are less guarded while working in the safety of their homes, cyber attackers bank on employees whose companies have not trained them on email security practices. 

Whether your business is still operational or much of your staff now works from home, it's crucial now, more than ever, to train your employees and add layers of security to your email ecosystem.

Companies need an Email Security Platform that is fully capable of fraud, malware, and spam detection, with added features for user control, message deliverability, and traffic routing. It integrates seamlessly with any email system, including O365 and G Suite platforms, as well as many other email-related systems, such as sandboxes, AVs, and archiving. Request a demo today.

Anubis Networks

Author: Mailspike

The Anubis Labs team is tasked with the ongoing effort to discover new threats, track and collect intelligence about malware and botnets, and figure out the best approach to give our customers good insight into their threat landscape.