Fraudsters are increasingly using the Covid-19 crisis in email phishing attacks, according to a new report from Barracuda Networks. The report found over 9,000 instances of the disease being used as a theme in attack emails, which represents nearly 2% of all attacks.
In general, phishing attacks work by inducing email recipients to take swift action by spiking their sense of fear and/or anxiety about a time-sensitive situation. For example, fraudsters have been known to threaten people with the release of compromising photos or information if a certain action isn’t taken within a very short time frame.
This type of ‘hook’, as it is known, appears to be a perfect vehicle for thieves looking to prey on the current tense global situation surrounding Covid-19.
“A variety of phishing campaigns are taking advantage of the heightened focus on COVID-19 to distribute malware, steal credentials, and scam users out of money,” Barracuda said in a blog post about the report. “The attacks use common phishing tactics that are seen regularly, however a growing number of campaigns are using the coronavirus as a lure to try to trick distracted users capitalize on the fear and uncertainty of their intended victims.”
The report also states that fraudsters are using Covid-19 to run a wide range of phishing scams, including business email compromise (BEC). The goal of these scams is to use malicious links to either deliver malware onto the victim’s computer or steal their credentials.
One popular tactic is to send an email stressing the need to clarify the production/delivery status of orders, with an ‘invoice’ attached. Barracuda states this type of ‘invoice premise’ has been used more than 3,000 times. A second tactic is to send employees emails claiming to be from reputable public organizations, such as the European Centre for Disease Prevention and Control, and including a link to click on for updates. Delivery vehicles for this type of attack also include sites claiming to provide ‘maps of the outbreak’.
Barracuda also provides advice for avoiding these scams. This includes common best practices like using an anti-phishing solution and ensuring you know who the email sender is before clicking any links in a message.