Scammers riding the COVID-19 wave are adapting to new scenarios as the pandemic evolves. Checkpoint recently discovered that over 192,000 coronavirus-related phishing attacks per week over the past three weeks, a 30% increase compared to previous weeks. In the past three weeks, almost 20,000 new coronavirus-related domains were registered: 17% of these are malicious or suspicious.
While we all try to get used to the Covid-19 pandemic’s ‘new normal’ in our work and home lives, this year has been a time of unprecedented opportunity for cyber-criminals. The global response to the pandemic, and our desire for the latest information about it, has supercharged criminals’ and hackers’ business-as-usual models of phishing emails and fake websites.
So why do criminals rely so heavily on phishing emails to launch attacks? The answer is simple: because they continue to work.
For example, cyber criminals have recently sent malicious emails posing as the WHO from the domain “who.int” with the email subject, “Urgent letter from WHO: First human COVID-19 vaccine test/result update” to lure victims. The emails contained a file named “xerox_scan_covid-19_urgent information letter.xlxs.exe “ that contained the AgentTesla malware. Victims who clicked on the file ended up downloading the malware.
As working from home is now the norm for a majority of people during the pandemic, we have reported previously how cyber criminals were using fake Zoom domains for their phishing activity. In fact, in the last 3 weeks alone, around 2,500 new Zoom-related domains were registered (2,449). 1.5% of these domains are malicious (32) and other 13% are suspicious (320). Since January 2020 to date, a total of 6,576 Zoom-related domains have been registered globally.
At the beginning of the outbreak, domains related to live maps (tracking geographic areas that saw a rise in coronavirus cases) were very common, as well as domains related to coronavirus symptoms. Towards the end of March, the focus turned to relief packages and stimulus payments due to the economic plans executed by several countries. Since several countries have started easing restrictions, and begun planning the return to normal life, domains related to life after the coronavirus have become more common, as well as domains about a possible second wave of the virus. Along the entire pandemic timeframe, domains related to tests kits and vaccines remain very common, with slight increases as time goes on.
For a phishing attack to be successful, it has to trick users. So to protect yourself, be suspicious of any email or communication from a familiar brand or organization that asks you to click on a link or open an attached document, no matter how official it appears to be. New-school security awareness training can ensure your users are spotting the warning signs as they continue to work in a remote workforce.