Hackers exploiting COVID-19 anxiety in targeted phishing scams

Phishing assaults are becoming increasingly targeted, and the COVID-19 pandemic is one of many ways hackers are exploiting people and small companies.

By Gregory Hale August 12, 2020

Phishing assaults are becoming increasingly targeted, and attackers are using new tricks, from HR dismissal emails to attacks disguised as delivery notifications, researchers said. Exploiting anxiety and confusion about the COVID-19 pandemic is one of many ways they’re targeting people.

Phishing is one of the oldest and most flexible types of social engineering attacks. It is used in many ways, and for different purposes, to lure unwary users to a site and trick them into entering personal information. That often includes financial credentials such as bank account passwords or payment card details, or login details for social media accounts. In the wrong hands, that information can open doors to various malicious operations, such as money being stolen or corporate networks being compromised. This makes phishing a popular initial infection method.

Phishing is a strong attack method because it occurs at such a large scale. By sending massive waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in their hunt for innocent people’s credentials. The first six months of 2020, however, have shown a new aspect to this well-known form of attack, according to researchers in Kaspersky’s new Spam and Phishing in Q2 2020 report.

Small companies are common target

Further analysis found that in Q2, phishers increasingly performed targeted attacks, with most of their focus on small companies. To attract attention, attackers forged emails and websites from organizations whose products or services potential victims might purchase. In the process of making these fake assets, attackers often did not even try to make the site appear authentic.

Targeted phishing attacks can have serious consequences. Once an attacker gains access to an employee’s mailbox, they can use it to carry out further assaults on the company the employee works for, the rest of its staff, or even its contractors.

COVID-19 pandemic is an influence

In addition, news coverage of the COVID-19 outbreak influenced the “excuses” attackers use when asking for personal information. This included disguising their communications with unsuspecting users as:

Delivery services: At the peak of the pandemic, organizations responsible for delivering letters and parcels were in a hurry to notify recipients of possible delays. These are the types of emails that attackers began to fake, with victims asked to open an attachment to find out the address of a warehouse where they could pick up a shipment that did not reach its destination.

Postal services: Another original move used by attackers was a message containing a small image of a postal receipt. The scammers expected the intrigued recipient would accept the attachment (which, although it contained ‘JPG’ in the name, was an executable archive) as the full version and decide to open it. The Noon spyware appeared in mailings of this type examined by Kaspersky researchers.

Financial services: Bank phishing attacks in the second quarter were often carried out using emails offering various benefits and bonuses to customers of credit institutions due to the pandemic. Emails received by users contained a file with instructions or links to get more details. As a result, depending on the scheme, fraudsters could gain access to users’ computers, personal data, or authentication data for various services.

HR services: The weakening of the economy during the pandemic in a number of countries caused a wave of unemployment, and fraudsters did not miss this opportunity to strike. Kaspersky experts encountered various mailings that announced, for example, amendments to medical leave policies, or surprised the recipient with news of their dismissal. In some attachments, there was a Trojan file, which is often used for downloading and installing encryptors.

“When summarizing the results of the first quarter, we assumed that COVID-19 would be the main topic for spammers and phishers for the past few months,” said Tatyana Sidorina, security researcher at Kaspersky. “And it certainly happened. While there was the rare spam mailing sent out without mentioning the pandemic, phishers adapted their old schemes to make them relevant for the current news agenda, as well as come up with new tricks.”

Cybersecurity best practices

The following are some best practices Kaspersky researchers suggest to protect against phishing:

  • Always check online addresses in unknown or unexpected messages, whether it is the web address of the site where you are directed, the link address in a message and even the sender’s email address, to make sure they are genuine and the link in the message doesn’t hide a different hyperlink.
  • If you are not sure the website is genuine and secure, never enter your credentials. If you think that you may have entered your login and password on a fake page, immediately change your password and call your bank or other payment provider if you think your card details were compromised.
  • Use a proper security solution with behavior-based anti-phishing technologies, which will warn you if you are trying to visit a phishing web page.
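
The first check in the list above can be partly automated at a mail gateway or in a triage script. The following is an added example, not code from the article or from Kaspersky: it flags a link whose visible text names one host while its href points to another, and a sender display name that shows an address from a different domain than the real one. The function names and the sample message are hypothetical, and hosts are compared by exact match, which is a simplification.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every domain is a reserved .example/.test name.
SAMPLE_EMAIL = """\
From: "support@bank.example" <notice@mailer.test>
Content-Type: text/html; charset="utf-8"

<p>Sign in at <a href="http://login.attacker.test/bank">https://www.bank.example/login</a>
or read our <a href="https://www.bank.example/help">help page</a>.</p>
"""

HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)
def host_in(text):  # host name shown in visible text, or None
    m = HOST_RE.search(text)
    return m.group(1).lower() if m else None

class LinkCollector(HTMLParser):  # gathers (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw):
    """Flag a sender name or link text that shows one host but uses another."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    findings, collector = [], LinkCollector()
    if "@" in display and host_in(display) != addr.rsplit("@", 1)[-1].lower():
        findings.append(("sender", display, addr))
    part = msg.get_body(preferencelist=("html",))
    collector.feed(part.get_content() if part else "")
    for text, href in collector.links:
        if (shown := host_in(text)) and shown != (urlsplit(href).hostname or "").lower():
            findings.append(("link", text, href))
    return findings
```

Links whose visible text is ordinary wording rather than an address, such as "help page" in the sample, are not flagged by this check and still need the manual inspection the list describes.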

This content originally appeared on ISSSource.com. ISSSource is a CFE Media content partner.

Original content can be found at isssource.com.

Author Bio: Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector.