Cybercriminals have been taking advantage of the coronavirus outbreak to target people with phishing scams and malware in the guise of information relevant to the disease. These attacks typically take the form of malicious apps, phishing emails, and phony websites. In addition, the US government has been offering stimulus payments, presenting another area ripe for exploitation by scammers.
COVID-19 Email Phishing Scams
During the week of April 12, Google’s Gmail service blocked about 18 million malware and phishing emails per day and more than 240 million COVID-related daily spam messages. The messages are designed to exploit the public’s fears around the pandemic. According to Google, cybercriminals have been creating fake emails that pretend to be the World Health Organization and ask for donations. However, the same emails are also designed to trick you into downloading a malicious file to take over your computer.
Other emails can pose as your company’s IT staff to manipulate you into visiting a malicious link concerning COVID-19 and its effect on payroll. The cybercriminals are also creating schemes around the economic stimulus checks small businesses have been receiving from the US government.
More COVID-19 Scams, according to a recent report by Check Point Research.
- Since January, a total of 4,305 domains relating to the stimulus and relief packages have been registered
- In March, 2,081 such domains were registered, with 38 deemed malicious and 583 suspicious.
- In the first week of April, 473 such domains were registered, with 18 considered malicious and 73 suspicious.
- Further, the registration of these types of domains jumped by three and a half times in the week starting March 16 when the US government announced a stimulus package for taxpayers.
Beyond the domains, phishing emails with malicious attachments related to the stimulus have also continued to increase. In one example, an email with the subject “RE: UN COVID-19 Stimulus” was caught distributing the AgentTesla malware. In another, an email titled “COVID-19 Payment” was discovered trying to infect people with the Zeus Sphinx trojan. Sent to specific individuals at targeted organizations, these emails direct users to a phishing login page to deliver the malicious payload.
Overall, 94% of the coronavirus-related cyberattacks during the past two weeks were phishing attempts, while 3% were mobile attacks sent through malicious apps or conducted through malicious activity on a mobile device. The number of attacks has surged to an average of 14,000 per day, six times the amount from the previous two weeks.
What is Phishing?
At a high level, phishing is trying to trick people into doing something via an email that enables the attacker to hack a target. Typically, when we’re talking about phishing, the emails that consumers receive are from someone impersonating a brand or an individual.
For example, if the adversary’s goal is to get the consumer to click a link that then leads to a malicious site asking for personal information to help them login to the target’s bank account, the link could be anything from “click to reset your password,” to an email impersonating your mortgage loan officer asking you to “click to pay your overdue fees.”
Another version of phishing is an email that includes malicious attachments. A typical example is an email allegedly from a mobile carrier telling consumers they have a bill past due and to open the attachment to view it. Once you open that infected document, a few things can happen. There might be a link to a contaminated site that may install malware on your computer or ask for your credentials. An automated message from the hacker disguised as a standard prompt may ask you to enable macros in the document, which then installs the threat on your machine. Or, the document itself could contain an exploit – simply opening it could cause you to be infected.
Types of Phishing
The most basic and commonly seen type of attack, of course, is the phishing email. Phishing emails are sent to a group of users who are unique enough to be used as bait but broad enough to ensnare many people. The point is to cast as broad a net as possible. In contrast, other forms of attack can be much more targeted.
- Spear phishing, as might be gathered from its title, usually targets a specific person or organization. Since these types of attacks are so pointed, phishers scour the Internet for available information about their target to craft a believable email to extort information (if not money) from victims.
- Whaling is a form of spear phishing directed at executives or other high-profile targets within a business, government, or other organization, such as a CEO, senator, or someone who has access to financial assets. CFO fraud is an example of whaling.
- Smishing, short for SMS phishing, is carried out via SMS text messaging on mobile devices. A similar technique, vishing, is voice phishing conducted over the phone.
- Pharming, also known as DNS-based phishing, is a type of phishing that involves the modification or tampering of a system’s host files or domain name system to redirect requests for URLs to a fake site. As a result, users have no idea that the website they are entering their personal details into is fake.
- Content-injection phishing is when phishers insert malicious code or misleading content into legitimate sites that instruct users to enter their credentials or personal information. This type of phishing is a form of content spoofing.
- Man-in-the-middle phishing happens when phishers position themselves between people and the websites they use, such as social networking sites or online banks, to extract information as it’s being entered. This type of phishing is more difficult to detect because attackers continue to pass on users’ data (after collecting it) so as not to disrupt any transactions.
- Search engine phishing starts when phishers create malicious websites with attractive offers, and search engines index them. People then stumble upon such sites while doing their online searches and, thinking the sites are legit, unknowingly give up their personal information.
How to Fight Back Against Phishing Attacks
Employee awareness is the most crucial factor in preventing successful phishing attacks. Use penetration testing to identify who is most likely to need extra training. Verizon reported that while 78% of people did not click on a single phishing email all year, an average of 4% will click, and those same people tend to be repeat offenders.
Technical measures to combat phishing attacks include implementing email sandboxing solutions that check the safety of emailed links when users click on them, disabling macros from running on all machines on your network, and inspecting and analyzing all of your web traffic in real-time.
Conclusions
The recent outbreak of the Coronavirus is changing the business world, and companies and individuals need to be prepared. Reviewing your cybersecurity processes and services during this time is critical.
The Cybersecurity experts at Lazarus Alliance are completely committed to you and your business’s success. Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organizations.
Lazarus Alliance is proactive cybersecurity®. Call 1-888-896-7580 to discuss your organization’s cybersecurity needs and find out how we can help your organization adhere to cybersecurity regulations, maintain compliance, and secure your systems.
What Is Autonomous Malware?
We’re reaching the end of 2025, and looking ahead to 2026, most experts are discussing the latest threats that will shape the year ahead. This year, we’re seeing a new, but not unexpected, shift to autonomous threats driven by state-sponsored actors and AI. With that in mind, a new generation of threats, broadly known as...Continue reading→
What CISA’s Emergency Directive 26-01 Means for Everyone
In mid-October 2025, the CISA issued one of its most urgent orders yet: Emergency Directive 26-01. The directive calls on all Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate vulnerabilities in devices from F5 Networks following a state-sponsored breach of F5’s systems and access to portions of BIG-IP source code and vulnerability data. The event...Continue reading→
Cybersecurity and Vetting AI-Powered Tools
A recent exploit involving a new AI-focused browser shone a light on a critical problem–namely, that browser security is a constant issue, and AI is just making that threat more pronounced. Attackers discovered a way to use that browser’s memory features to implant hidden instructions inside an AI assistant. Once stored, those instructions triggered unwanted...Continue reading→
Shutdown Security And Cyber Vulnerability
When the federal government shuts down, the public sees closed monuments, unpaid workers, and halted programs. What they do not see is the silent surge of cyberattacks targeting agencies already operating on fumes. During the most recent shutdown, attacks against U.S. government systems spiked by nearly 85%. Cybersecurity failures during government disruptions rarely start with...Continue reading→
Identity and the Shift from Malware
The world of cyber threats is rapidly evolving, and while we can see these changes more generally, it’s always crucial to understand them concretely. As the 2025 CrowdStrike Global Threat Report shows us, the landscape of our industry is changing. We’re digging into this report to discuss a challenging trend: the move of hackers foregoing...Continue reading→
Maintaining Compliance Against Prompt Injection Attacks
The increasing adoption of AI by businesses introduces security risks that current cybersecurity frameworks are not prepared to address. A particularly complex emerging threat is prompt injection attacks. These attacks manipulate the integrity of large language models and other AI systems, potentially compromising security protocols and legal compliance. Organizations adopting AI must have a plan...Continue reading→
Are We Already Talking About CMMC 3.0?
The ink has barely dried on the CMMC final rule, and already the defense contracting community is buzzing with speculation about what comes next. Just when contractors thought they had a moment to catch their breath after years of regulatory limbo, whispers of CMMC 3.0 have begun circulating through the industry. But is this just...Continue reading→
Centralizing Identity-Based Risk
As the traditional network boundary dissolves and remote work becomes standard practice, identities are the major frontier for security. Whether we’re talking about human users, service accounts, or machine identities, these have emerged as both the primary access mechanism and the most targeted attack vector. It has become imperative for providers to centralize identity management...Continue reading→
Deviation and Significant Change Requests in FedRAMP: A Comprehensive Guide
FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies. While the program’s rigorous baseline requirements ensure consistent security, the reality is that this consistency calls for a little flexibility. This is where deviation requests and significant change requests come into play. These two...Continue reading→
The Costs of Compliance and Data Breaches
Data is possibly one of the most valuable assets any organization holds. Customer information, employee records, and proprietary business intelligence present challenges because the data flowing through modern enterprises represents both significant opportunities and serious risks. Businesses face a challenging balance: investing in compliance measures to protect sensitive information while also preparing for the real...Continue reading→
Related Posts