Gone Phishing: Coronavirus Scams in Action

A recent survey found that pandemic-related fraud is top of mind for consumers, with 52 percent of respondents saying they’re more worried about being victimized by a scam than normal. Thirty-two percent believe they have already been targeted by some form of attack, and 44 percent have noticed an uptick in calls, texts and emails from unknown numbers and sources.

As a recent FBI release puts it, “Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both.” Many of these scams are in the form of phishing attacks, and a recent Dark Reading slideshow highlights some prominent examples. Among them:

  • Malicious Infection Maps. Consumers understandably are searching for up-to-the-minute data on COVID-19 diagnoses and rates of infection, and hackers are happy to exploit this interest for nefarious gains. According to Brian Krebs, “In one scheme, an interactive dashboard of Coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware.” Selling for just $700, this and similar infection kits provide hackers with an easy means for infiltrating people’s networks and data.

  • Impersonating Official Health Organizations. Phishing campaigns will often use a sense of urgency and impersonate trusted entities to trick people into responding, and this is a common theme with coronavirus-related scams. As the Dark Reading piece puts it, “Savvy criminals have been particularly focusing on piggybacking off of the legitimacy of official organizations, such as the Centers for Disease Control (CDC) and the World Health Organization (WHO), to design a range of phishing lures.”

  • Fraudulent Testing Kits. The Justice Department recently filed a complaint against a Texas-based website claiming to offer WHO vaccine kits processed via credit card payment, and this is far from the only such scam related to testing and treatment. In addition, the FCC has flagged a number of related scams, including student repayment plans, debt consolidation and new work-from-home opportunities.

  • Government Relief Funds. With government legislation available for people feeling the financial effects of coronavirus, hackers are increasingly rolling out phishing scams that impersonate government correspondence.

  • Injecting Malicious Code into Legitimate Links. Watering hole attacks, in which malicious code is injected into legitimate links, are another common coronavirus scam. Writing about one such attack in Hong Kong, the Dark Reading slideshow states, “The links were legitimate news sources that were seeded on numerous online forums through legitimate-looking posts about local developments, but the links themselves contained hidden iframes to load and execute malicious code targeting vulnerabilities in certain iOS versions.”
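
For site owners and responders checking their own pages for the hidden-iframe pattern in the last item, the following is an added example and not code from the original post or from Dark Reading. It flags iframes that are invisible to the reader, either directly or because an enclosing element is hidden; the sample page and its hostnames are constructed placeholders.

```python
import re
from html.parser import HTMLParser
# Inline CSS that hides an element; the lookbehind skips line-height, margin-left, etc.
HIDING_STYLE = re.compile(
    r"(?<![-\w])(?:display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?:left|top)\s*:\s*-\d{3,})", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "wbr"}

class HiddenIframeFinder(HTMLParser):
    """Collect iframes hidden directly or by a hidden ancestor element."""
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, hidden?) for each open ancestor
        self.findings = []  # (iframe src, reason)

    def _reason(self, tag, a):  # returns None when nothing hides the element
        if "hidden" in a:
            return "hidden attribute"
        if HIDING_STYLE.search(a.get("style") or ""):
            return "inline style hides element"
        if tag == "iframe" and {a.get("width"), a.get("height")} & {"0", "1"}:
            return "0 or 1 pixel dimensions"

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        reason = self._reason(tag, a) or (
            "inside hidden ancestor" if any(h for _, h in self.stack) else None)
        if tag == "iframe" and reason:
            self.findings.append((a.get("src") or "", reason))
        if tag not in VOID:  # void elements never get a closing tag
            self.stack.append((tag, bool(reason)))

    def handle_endtag(self, tag):
        names = [t for t, _ in self.stack]
        if tag in names:  # pop back to the matching open tag, tolerating sloppy markup
            del self.stack[len(names) - 1 - names[::-1].index(tag):]

def find_hidden_iframes(html):
    finder = HiddenIframeFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page: one visible video embed, three hidden iframes.
SAMPLE = """<p style="line-height: 1">Local update</p>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="https://cdn.example.net/a" style="width:0;height:0;border:0"></iframe>
<div style="position:absolute; left:-9999px"><iframe src="https://cdn.example.net/b"></iframe></div>
<iframe src="https://cdn.example.net/c" width="1" height="1"></iframe>"""
```

The check reads only attributes and inline styles in static HTML, so iframes hidden by an external stylesheet or inserted by script at load time need a rendered-DOM inspection instead.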

Of course, phishing attacks are just one example of how hackers are capitalizing on the pandemic—check out our previous blogs here and here for more on what you can do to protect yourself and your organization.