Scammers took advantage of people’s desire to order wine online during the pandemic, Decanter reports. Researchers at Recorded Future disclosed in a recent report that wine-related phishing scams increased significantly after the onset of the pandemic.
“New wine-themed domain registrations hovered between 3,000 and 4,000 per month until March 2020,” Recorded Future said. “In March 2020, Recorded Future noted a small uptick of new domain registrations at almost 5,500. In April 2020, the number jumped to almost 7,200, then in May 2020 the number skyrocketed to 12,400. From June 2020 onward, the number of new wine-themed domain registrations fluctuated between 7,000 and 9,500, in other words 2 to 3 times the number registered pre-COVID-19. The total number of wine-related domains registered between April 2020 and March 2021 containing the above keywords was 96,489.”
Recorded Future’s Allan Liska told Decanter that most of these phishing campaigns were traditional scams taking advantage of wine themes.
“The majority of activity we saw over the last year revolved around spam campaigns,” Allan Liska said. “They appear primarily designed to get victims to click on websites for ad revenue purposes or to buy questionable wine-related products. There also seems to be an interest in harvesting email addresses and other personal information. This data is collected and often sold on underground forums (often referred to as the Dark Web).”
A portion of the scams, however, were targeted business email compromise (BEC) attacks, which are often far more damaging than not targeted phishing attacks.
“The most serious threat, which accounted for about 13.5% of the email campaigns observed, is Business Email Compromise,” Liska said. “These are emails that are designed to trick victims into wiring funds to the attacker under the guise of a business purpose. These could be as simple as, ‘You need to pay this invoice for the wine your boss ordered,’ to more complex attacks that purport to come from the CEO or other senior management.”
New-school security awareness training can help your employees thwart targeted social engineering attacks. (Even when the phishbait involves Spätlese or Zinfandel.)
Decanter has the story.