The mutating landscape of COVID-19 related scams
It’s been almost 11 months, but COVID-19 hasn’t gone away. The pandemic has affected almost all aspects of daily life. While a vaccine is available, the rollout could take months before the virus recedes enough that we can open up to a new post-COVID-19 world. During lockdown, we’ve seen hackers take advantage of the misinformation and desperation of individuals and organizations trying to adjust to the new normal. These scams have been going on since the beginning of the pandemic, and while they might have been effective at the start, they have become more recognized and less relevant. However, just as we see new strains of the virus threatening our vaccine’s effectiveness, hackers have adapted and created new cyberattacks to keep their victims off guard.
When COVID-19 started, many scams focused on information about the virus, initial outbreak locations, and eventually attempts to steal the first stimulus check. While these phishing attacks were effective, as time went on they became less relevant to people who had learned more about COVID-19 and had less of an incentive to click on and follow through with these phishing emails. While early in 2020 we saw many different scams around the coronavirus, by late 2020 most of these scams had declined in popularity and been replaced by the usual credential harvesting scams and seasonal holiday phishing campaigns. Some of these scams have had lasting effectiveness, primarily ones that take advantage of how people communicate and work remotely. Zoom- and Skype-based phishing attacks remain effective, as people still use these services and can be fooled into clicking the wrong link or responding to video conference invitations.
Phishing emails and other cyberattacks have hit organizations especially hard in the past year. As more people work remotely, the number of avenues for an attacker to successfully compromise a network has grown, and the damage from a network compromise has been amplified. Schools, the healthcare industry, and local governments have been bombarded by targeted phishing attacks, where the usual outcome has been some type of ransomware disabling their network or a massive data breach leaking personal information. Unfortunately, these types of organizations have not adapted well or boosted their cybersecurity defenses, and they are still vulnerable to hackers’ attacks and demands, even though there has been a push to give them resources to combat this issue.
New scams take advantage of people’s expectations of life returning to normal. Phishing emails disguised as financial or availability notifications from businesses, COVID-19 relief charities, stimulus package information, or organizations in charge of vaccination rollout are all increasing in popularity. A major issue with these types of campaigns is that they normally target those who receive less cybersecurity training and are less likely to be able to identify and protect themselves against attacks. However, it isn’t all bad news: even though the number of phishing attacks has risen astronomically, the effectiveness of these emails has decreased overall. This means that ordinary users are getting better at recognizing phishing emails and are less deceived by hackers’ current tactics. Hopefully, this trend continues and account compromises and security breaches will start decreasing in the future.
To protect yourself against coronavirus-themed malware and phishing attacks, make sure your personal devices are updated to the latest versions, which keeps security vulnerabilities from being exploited, and learn to identify and report phishing emails to stop credential harvesting campaigns and malware from infecting your network.