We are all fish in the eyes of cybercriminals. Needless to say, we don’t want to be caught. However, hackers have their bait, “phishing scams”, and are waiting to trap us. And COVID-19 is like the cherry on the cake for cyberattackers.
Capitalizing on the coronavirus, cybercriminals are making the most of the current situation with phishing scams.
Advanced persistent threat (APT) groups are leveraging the COVID-19 outbreak as part of their cyber operations. Masquerading as trusted entities, APTs are sending out coronavirus-themed phishing messages and malicious applications to individuals and organizations for their commercial gain.
Let’s dive into the 3 COVID-19 related phishing scams that hackers are riding on lately and learn how we can stay away from them!
Email Phishing Scams
Many threat actors are leveraging COVID-19-related phishing emails to steal user credentials. Lately, the National Cyber Security Centre (NCSC) discovered several emails that claimed to be sent from the World Health Organization (WHO) and employed the “Agent Tesla” keylogger malware.
In addition to Agent Tesla, most of the COVID-19-related phishing emails carry LokiBot and NetWire malware enclosed as attachments, which enable cyber crooks to steal personal and financial data.
SMS Phishing Scams
Typically, SMS phishing involves financial incentives, government payments, and rebates as part of the lure. In the last couple of weeks, a series of SMS texts leveraged a UK government-themed lure to collect name, address, email, and banking information.
Appearing to be from “UKGOV”, these SMS texts contained a link to the phishing site. Besides SMS, hackers are using WhatsApp and other messaging services to send malicious messages related to COVID-19.
BEC Phishing Scams
Amidst the coronavirus pandemic, hackers are profiteering on medicines and protective gear and peddling fake coronavirus preventatives or cures. Recently, Europol arrested a fraudster in Singapore who claimed to supply FFP2 surgical masks, hand sanitizers, and other medical products under the name of a legitimate organization.
The man attempted to generate money from a business email compromise (BEC) scam related to COVID-19. Unlike other phishing cyberattacks, BEC attacks prey on business users, especially those who carry out fund transfers. In BEC scams, hackers claim to be a vendor or other affiliated organization and attempt to steal login credentials or financial information from the victims.
How to Stay Away From the Scams
To keep SMS phishing at bay, the NCSC and CISA have jointly issued security guidelines. Also, the Federal Trade Commission (FTC) has advised individuals to practice proper online security, which includes using two-factor authentication and backing up personal information. If your personal information has been compromised, you can visit the FTC’s Identity Theft site to file a complaint and save yourself from further harm.
Threat actors are continuously revamping their strategies to gain from the COVID-19 pandemic. Recognizing the rise of phishing scams, both individuals and organizations need to remain hypervigilant.
When opening coronavirus-themed emails or text messages containing links to phishing websites, individuals as well as organizations need to remember the security guidelines issued by the NCSC, ASD, CISA, and DHS. To be on the safer side, maintain virtual social distancing and abstain from clicking on links or attachments enclosed in unsolicited emails.
To learn more about cybersecurity awareness, enroll in our security awareness training program and discover more insights into online security and privacy.