COVID-19 Emails go From Zero to Half a Million a Day in Just Three Months

iStock-1193107809According to new data from security researchers at Forcepoint, the interest in coronavirus-themed emails and websites by cybercriminals is cause for concern.

As with any globally newsworthy story, the bad guys find ways to piggyback on the public’s interest. And while it doesn’t look like the timing of these malicious campaigns is perfectly aligned with genuine interest and concern, the data shows the era of COVID-19 scams is far from over.

According to the data:

  • Legitimate web traffic related to interest in the Coronavirus peaked on March 15th
  • Traffic to coronavirus-related malicious URLs peaked on March 29th
  • A recent spike in domains with covid or corona in the name has occurred as late as April 12th – this, after domains peaked on March 22nd

Email data shows a similar trend:

  • Emails linking to legitimate sites with covid or corona in the domain name peaked on March 29th
  • Emails categorized as spam with link to with covid or corona domains peaked at the end of March
  • Emails categorized as malicious with link to with covid or corona domains peaked on March 22nd (same as web traffic) and then emerged once again around April 12th

It should be noted that this analysis only involves those emails with embedded links. Emails containing malicious attachments and those relying solely on social engineering are not represented here.

According to Forcepoint, email security solutions are a solid defense against “emails containing an embedded URL.”  But organization wish to provide protection against all email-borne threats should consider Security Awareness Training as a means to elevate the user’s understanding of what suspicious and/or malicious email content looks like in an effort to avoid becoming a victim.

The spikes in domains and web traffic in April may indicate we’re just seeing the tip of the coronavirus scam iceberg.  As long as user keep falling for these scams, the longer the bad guys will keep it up.

Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Request a Demo!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews