According to new data from security researchers at Forcepoint, the interest in coronavirus-themed emails and websites by cybercriminals is cause for concern.
As with any globally newsworthy story, the bad guys find ways to piggyback on the public’s interest. And while it doesn’t look like the timing of these malicious campaigns is perfectly aligned with genuine interest and concern, the data shows the era of COVID-19 scams is far from over.
According to the data:
- Legitimate web traffic related to interest in the Coronavirus peaked on March 15th
- Traffic to coronavirus-related malicious URLs peaked on March 29th
- A recent spike in domains with covid or corona in the name has occurred as late as April 12th – this, after domains peaked on March 22nd
Email data shows a similar trend:
- Emails linking to legitimate sites with covid or corona in the domain name peaked on March 29th
- Emails categorized as spam with link to with covid or corona domains peaked at the end of March
- Emails categorized as malicious with link to with covid or corona domains peaked on March 22nd (same as web traffic) and then emerged once again around April 12th
It should be noted that this analysis only involves those emails with embedded links. Emails containing malicious attachments and those relying solely on social engineering are not represented here.
According to Forcepoint, email security solutions are a solid defense against “emails containing an embedded URL.” But organization wish to provide protection against all email-borne threats should consider Security Awareness Training as a means to elevate the user’s understanding of what suspicious and/or malicious email content looks like in an effort to avoid becoming a victim.
The spikes in domains and web traffic in April may indicate we’re just seeing the tip of the coronavirus scam iceberg. As long as user keep falling for these scams, the longer the bad guys will keep it up.