Cybercriminals exploiting COVID-19 tests in phishing attacks

Scammers are making the most of the concentrate on COVID-19 testing and the necessity for at-home check kits, says Barracuda Networks.


Picture: Shutterstock/Mashkavector

Since practically the beginning of the coronavirus outbreak, cybercriminals have been exploiting each aspect of the pandemic by preying on our nervousness and worry as a technique to make a buck. As COVID-19 testing and check kits are actually being required by extra public venues and organizations, attackers have seized on this have to attempt to rip-off individuals. A current weblog submit from safety agency Barracuda Networks appears to be like on the rise in phishing campaigns that exploit the issues over such testing.

Throughout simply the previous few months, demand has risen for COVID-19 check kits. Together with that demand has come each a shortage of check kits in addition to confusion over the place and how one can receive the kits. And people elements have triggered a rise in test-related scams. Between October and January, the variety of COVID test-related phishing assaults surged by 521%, in accordance with Barracuda. After peaking in January, the day by day common fell however has not too long ago began to rise once more.

Of their phishing campaigns, cybercriminals attempt a number of totally different ways to seize the eye of potential victims.

In some instances, attackers hawk COVID-19 assessments and medical provides reminiscent of masks and gloves. Many of those are for counterfeit or unauthorized merchandise. In different instances, scammers ship a phony notification of an unpaid order for COVID-19 assessments. Included in these emails is a PayPal account the place the attackers hope to seize cash from fearful or determined victims. And in further instances, criminals fake to be from laboratories or testing services promising to share COVID-19 check outcomes.

SEE: Combating social media phishing assaults: 10 suggestions (free PDF) (TechRepublic) 

In a single phishing electronic mail caught by Barracuda, the scammer promotes COVID-19 speedy check kits with aggressive costs and quick supply dates. The attacker goals so as to add legitimacy to the hoax by claiming that the merchandise are CE licensed (assembly European Union necessities for well being, security and setting) and have already been shipped to the European market.

In one other phishing electronic mail, the criminals are promoting not solely COVID-19 check kits and analyzers however thermometers, pulse oximeters, freezers for vaccine storage and syringes for vaccine injection.

And in another phishing electronic mail, the attackers impersonate an organization’s HR division with an hooked up PDF file claiming to be a COVID-19 vaccination self-compliance report. Additionally spoofing Microsoft and Workplace 365 within the electronic mail, the scammers wish to steal account credentials from unsuspecting staff.

Surely, US officers have tried to make the COVID-19 at-home check kits extra accessible. Anybody shopping for check kits by way of common retail channels can now submit the acquisition to their insurance coverage supplier for reimbursement. Extra simply, you possibly can order as much as 4 free check kits per family straight from the US Publish Workplace.

To guard your self and your group from phishing assaults that exploit COVID-19 assessments and associated subjects, Barracuda presents the next suggestions for IT and safety professionals:

  1. Be doubtful of any emails about COVID-19 assessments. Instruct your customers to be careful for emails that intention to promote COVID-19 check kits, provide particulars on testing websites with rapid availability, or share check outcomes. Warn them to by no means click on on hyperlinks or file attachments in such emails, particularly ones they did not anticipate.

  2. Flip to synthetic intelligence. As subtle attackers can sneak previous electronic mail gateways and spam filters, you want safety merchandise that can defend your group in opposition to spear-phishing assaults. The correct know-how would not simply scan for malicious hyperlinks or attachments however makes use of AI and machine studying to search for anomalies inside your regular communication patterns.

  3. Depend on account takeover safety. Many threats come not simply from exterior electronic mail messages however from inner ones by way of compromised worker accounts. As such, it’s essential ensure that scammers aren’t utilizing your group to launch assaults in opposition to itself. For that, depend on safety merchandise that use AI to find out when accounts have been compromised, alert customers in real-time of such incidents and take away malicious emails from these accounts.

  4. Set up robust inner insurance policies to cease fraud. Create and overview inner insurance policies to ensure that all private and monetary knowledge is dealt with appropriately. Arrange pointers and procedures to verify all electronic mail requests for wire transfers and cost modifications. Require in-person or phone affirmation and approval from a number of individuals for any monetary transaction.

  5. Practice staff to acknowledge and report cyberattacks. Present staff with consciousness coaching in regards to the newest COVID-19-related phishing scams and different attainable threats. Be sure that customers can spot these assaults and instantly report them to your IT employees or assist desk. Strive utilizing phishing simulations for electronic mail, voicemail and textual content messages in order that staff can higher determine a cyberattack.

Additionally see

Recent Articles


Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Stay on op - Ge the daily news in your inbox