Go Phish: Cybercriminals Stick to Coronavirus and Financial Content to Fuel Phishing Schemes


We’ve reached the half-year mark and online scammers are
still taking advantage of the uncertainties brought on by the pandemic.

Cyber-attacks targeting both consumers and business surged
worldwide, and the trend shows no sign of stopping any time soon. In recent
months, coronavirus-related attacks spiked, and email has remained the prime
vector of choice for enabling them. What are the latest phishing trends that
fraudsters use in an attempt to steal personal and financial details from
Internet users?

In the past two months, Bitdefender’s telemetry has shown
a steady surge of coronavirus-related emails, with 42.9% of the correspondence flagged
as suspicious, fraudulent or malicious.

Fraudsters continue to exploit the coronavirus to spread malicious links and attachments, with many phishing emails impersonating agencies and bodies such as the World Health Organization (WHO).

Some of the latest ruses include updates on the evolution of the virus and malicious attachments that infect the recipients’ device when accessed. Scammers also act under the guise of the government, leveraging the temporary ban on importing or exporting goods, or financial institutions offering COVID-19 Financial Relief Fund.

Coronavirus ‘cures’ were also marketed by fraudsters who offer new miracle drugs that can cure the illness “within five days.”

Of course, their list would not be complete without a reminder to purchase some protective gear. Our Bitdefender labs also flagged emails advertising Covid-19 reusable facemasks.

Additionally, some peculiar spikes in phishing emails relating to different financial institutions were noticed. A campaign targeting Standard Bank customers started on May 14, and continued up until mid-June, with various upticks during the end and the beginning of the week.

More than 97% of incoming emails were suspicious,
fraudulent or malicious, and it appears that cyber-criminals have a tendency to
lay low on Saturday, most likely because users also take a break from reading
emails.

On June 8, more than 95% of the influx of emails relating to HSBC bank was fraudulent in nature.

A third phishing campaign mimicking the World Bank was observed the next day. Nearly 81% of the correspondence that impersonated this grant institution turned out to be malicious.

Fraudsters also took advantage of the popularity of money
transfer companies such as Moneygram. A steady flow of phishing emails was observed
between June 23 and July 1. 91% of emails using company’s name were malicious
and, surprisingly enough, the crooks were offering to compensate victims who had
previously paid off scammers.

Most phishing emails seem innocent at first, and appear
to originate from a trusted source such as government organizations, ministries
of health, centers for public health or a bank. However, they contain malicious
attachments or embedded links, that once accessed, deploy various malware on
the recipient’s device. This malicious software can let cyber crooks take
control of your computer, log your keystrokes, access your personal information
and financial data, and even encrypt your data with ransomware.

Cyber criminals know you are busy and have a lot on your
mind. They transmit a sense of urgency and prey on human emotion, hoping you
will miss red flags. This makes phishing one of the most reliable means for
identity thieves to steal your personal and financial data.

While some fraudsters have updated their tactics and
spend a longer time planning their endgame, not all of them do. The most
frequent tip-offs include:

  • poor grammar and obvious spelling mistakes
  • the messages ask for your personal
    information
  • the message is unsolicited and appears to be
    from a government, health or financial agency
  • too-good-to-be-true offer