Coronavirus-related Phishing Scams and Attacks on the rise

Cybercriminals have been taking advantage of the coronavirus outbreak to target people with phishing scams and malware in the guise of information relevant to the disease. These attacks typically take the form of malicious apps, phishing emails, and phony websites. In addition, the US government has been offering stimulus payments, presenting another area ripe for exploitation by scammers.

COVID 19 Email Phishing Scams

During the week of April 12, Google’s Gmail service blocked about 18 million malware and phishing emails per day and more than 240 million COVID-related daily spam messages. The messages are designed to exploit the public’s fears around the pandemic. According to Google, cybercriminals have been creating fake emails that pretend to be the World Health Organization and ask for donations. However, the same emails are also designed to trick you into downloading a malicious file to take over your computer.

Other emails can pose as your company’s IT staff to manipulate you into visiting a malicious link concerning COVID-19 and its effect on payroll. The cybercriminals are also creating schemes around the economic stimulus checks small businesses have been receiving from the US government.

More COVID 19 Scams according to a recent report by Check Point Research.

• Since January, a total of 4,305 domains relating to the stimulus and relief packages have been registered
• In March, 2,081 such domains were registered with 38 deemed malicious and 583 suspicious.
• In the first week of April, 473 such domains were registered with 18 considered malicious and 73 suspicious.
• Further, the registration of these types of domains jumped by three and a half times in the week starting March 16 when the US government announced a stimulus package for taxpayers.

Beyond the domains, phishing emails with malicious attachments related to the stimulus have also continued to increase. In one example, an email with the subject “RE: UN COVID-19 Stimulus” was caught distributing the AgentTesla malware. In another, an email titled “COVID-19 Payment” was discovered trying to infect people with the Zeus Sphinx trojan. Sent to specific individuals at targeted organizations, these emails direct users to a phishing login page to deliver the malicious payload.

Overall, 94% of the coronavirus-related cyberattacks during the past two weeks were phishing attempts, while 3% were mobile attacks sent through malicious apps or conducted through malicious activity on a mobile device. The number of attacks has surged to an average of 14,000 per day, six times the amount from the previous two weeks.

What is Phishing?

At a high level, phishing is trying to trick people into doing something via an email that enables the attacker to hack a target. Typically, when we’re talking about phishing, the emails that consumers receive are from someone impersonating a brand or an individual.

For example, if the adversary’s goal is to get the consumer to click a link that then leads to a malicious site asking for personal information to help them login to the target’s bank account, the link could be anything from “click to reset your password,” to an email impersonating your mortgage loan officer asking you to “click to pay your overdue fees.”

Another version of phishing is an email that includes malicious attachments. A typical example is an email allegedly from a mobile carrier telling consumers they have a bill past due and to open the attachment to view it. Once you open that infected document, a few things can happen. There might be a link to a contaminated site that may install malware on your computer or ask for your credentials. An automated message from the hacker disguised as a standard prompt may ask you to enable macros in the document, which then installs the threat on your machine. Or, the document itself could contain an exploit – simply opening it could cause you to be infected.

Types of Phishing

The most basic and commonly seen type of attack, of course, is the phishing email. Phishing emails are sent to a group of users who are unique enough to be used as bait but broad enough to ensnare many people. The point is to cast as broad a net as possible. In contrast, other forms of attack can be much more targeted.

• Spear phishing, as might be gathered from its title, usually targets a specific person or organization. Since these types of attacks are so pointed, phishers scour the Internet for available information about their target to craft a believable email to extort information (if not money) from victims.
• Whaling is a form of spear phishing directed at executives or other high-profile targets within a business, government, or other organization, such as a CEO, senator, or someone who has access to financial assets. CFO fraud is an example of whaling.
• Smishing, short for SMS phishing, is carried out via SMS text messaging on mobile devices. A similar technique, vishing, is voice phishing conducted over the phone.
• Pharming, also known as DNS-based phishing, is a type of phishing that involves the modification or tampering of a system’s host files or domain name system to redirect requests for URLs to a fake site. As a result, users have no idea that the website they are entering their personal details into is fake.
• Content-injection phishing is when phishers insert malicious code or misleading content into legitimate sites that instruct users to enter their credentials or personal information. This type of phishing is a form of content spoofing.
• Man-in-the-middle phishing happens when phishers position themselves between people and the websites they use, such as social networking sites or online banks, to extract information as it’s being entered. This type of phishing is more difficult to detect because attackers continue to pass on users’ data (after collecting it) so as not to disrupt any transactions.
• Search engine phishing starts when phishers create malicious websites with attractive offers, and search engines index them. People then stumble upon such sites doing their online searches and, thinking the sites are legit, unknowingly give up their personal information.

How to Fight Back Against Phishing Attacks

Employee awareness is the most crucial factor in preventing successful phishing attacks. Use penetration testing to identify who is most likely to need extra training. Verizon reported that while 78% of people did not click on a single phishing email all year, an average of 4% will click – and those same people tend to be repeat offenders.

Technical measures to combat phishing attacks include implementing email sandboxing solutions that check the safety of emailed links when users click on them; disabling macros from running on all machines on your network; and inspecting and analyzing all of your web traffic in real-time.

Conclusions

The recent outbreak of the Coronavirus is changing the business world, and companies and individuals need to be prepared. Reviewing your cyber security processes and services during this time is critical.

The Cyber Security experts at Lazarus Alliance are completely committed to you and your business’ success. Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organizations.

Lazarus Alliance is proactive cyber security®. Call 1-888-896-7580 to discuss your organization’s cyber security needs and find out how we can help your organization adhere to cyber security regulations, maintain compliance, and secure your systems.