Wine-Themed Phishing Attacks Have Turned Sour During the Pandemic



Wine-Themed Phishing AttacksScammers took advantage of people’s desire to order wine online during the pandemic, Decanter reports. Researchers at Recorded Future disclosed in a recent report that wine-related phishing scams increased significantly after the onset of the pandemic.

“New wine-themed domain registrations hovered between 3,000 and 4,000 per month until March 2020,” Recorded Future said. “In March 2020, Recorded Future noted a small uptick of new domain registrations at almost 5,500. In April 2020, the number jumped to almost 7,200, then in May 2020 the number skyrocketed to 12,400. From June 2020 onward, the number of new wine-themed domain registrations fluctuated between 7,000 and 9,500, in other words 2 to 3 times the number registered pre-COVID-19. The total number of wine-related domains registered between April 2020 and March 2021 containing the above keywords was 96,489.”

Recorded Future’s Allan Liska told Decanter that most of these phishing campaigns were traditional scams taking advantage of wine themes.

“The majority of activity we saw over the last year revolved around spam campaigns,” Allan Liska said. “They appear primarily designed to get victims to click on websites for ad revenue purposes or to buy questionable wine-related products. There also seems to be an interest in harvesting email addresses and other personal information. This data is collected and often sold on underground forums (often referred to as the Dark Web).”

A portion of the scams, however, were targeted business email compromise (BEC) attacks, which are often far more damaging than not targeted phishing attacks.

“The most serious threat, which accounted for about 13.5% of the email campaigns observed, is Business Email Compromise,” Liska said. “These are emails that are designed to trick victims into wiring funds to the attacker under the guise of a business purpose. These could be as simple as, ‘You need to pay this invoice for the wine your boss ordered,’ to more complex attacks that purport to come from the CEO or other senior management.”

New-school security awareness training can help your employees thwart targeted social engineering attacks. (Even when the phishbait involves Spätlese or Zinfandel.)

Decanter has the story.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer

Topics: Phishing, CEO Fraud

Subscribe To Our Blog


Cybersecurity Awareness Month Resource Kit




Get the latest about social engineering

Subscribe to CyberheistNews