Coronavirus-themed phishing attacks up 667% in March

Written by Peter Walker
2603/20

Cyber criminals are cashing-in on the COVID-19 crisis by launching a wave of Coronavirus-related email attacks.

Researchers from Barracuda Networks have been monitoring global phishing activity around the outbreak since the start of the year, recording 137 incidents in January, 1,188 in February, rising to 9,116 in March so far - an increase of 667 per cent since the end of February.

Between 1 March and 23 March, Barracuda Sentinel detected a total of 467,825 email attacks globally. Breaking down the data, 9,116 of those detections were related to COVID-19, representing about two per cent of attacks, according to the report.

A variety of phishing campaigns are taking advantage of the heightened focus on COVID-19 to distribute malware, steal credentials and scam users out of money. The attacks use common phishing tactics that are seen regularly, however a growing number of campaigns are using the Coronavirus as a lure to try to trick distracted users to capitalise on the fear and uncertainty of their intended victims.

Barracuda’s research team have seen three main types of phishing attacks using coronavirus COVID-19 themes - scamming, brand impersonation and business email compromise. Of the Coronavirus-related attacks detected by Barracuda Sentinel through to 23 March, 54 per cent were scams, 34 per cent are brand impersonation attacks, 11 per cent were blackmail and one per cent were business email compromise.

The goals of the attacks ranged from distributing malware to stealing credentials. One scam email claimed they were looking to sell Coronavirus cures or face masks, or asking for investments in fake companies that claimed to be developing vaccines.

Additionally, scams in the form of donation requests for fake charities are another popular phishing method our researchers have seen taking advantage of Coronavirus. One example of a scam caught by the Barracuda systems claimed to be from the World Health Community - trying to take advantage of similarity to the World Health Organisation - and asked for donations to a Bitcoin wallet provided in the email.

Phishing attacks using COVID-19 as a hook are quickly getting more sophisticated. In the past few days, Barracuda researchers have seen a significant number of blackmail attacks popping up and a few instances of conversation hijacking. In comparison, until just a few days ago, researcher were primarily seeing mostly scamming attacks. As of 17 March, the breakdown Coronavirus phishing attacks detected by Barracuda Sentinel, 77 per cent were scams, while 22 per cent were brand impersonation.

For example, researchers saw one blackmail attack that claimed to have access to personal information about the victim, know their whereabouts, and threatened to infect the victim and their family with coronavirus unless a ransom was paid. Barracuda Sentinel detected this particular attack 1,008 times over the span of two days.

Dean Russell, MP for Watford and member of the Health and Social Care Select Committee commented: “This is a new low for cyber criminals, who are acting like piranha fish, cowardly attacking people on mass when they are at their most vulnerable."

Chris Ross, senior vice president at Barracuda Networks, added: "Our research shows that cyber criminals are exploiting the COVID-19 crisis by launching thousands of sophisticated email phishing attacks designed to trick unsuspecting workers into handing over passwords, log-in details and financial data.

'It is absolutely vital that all employees are trained and supported to spot these scams, particularly at a time when they will be less vigilant and distracted due to working from home."