Starting in January of this year, there’s been a steady increase in coronavirus-themed phishing emails.
In fact, Barracuda Networks found a massive spike in these attacks, up an incredible 667% since the end of February. For consumers everywhere, this means hackers are quite good at email phishing, especially when the topic of coronavirus is all-consuming. It’s an extreme point of emotional vulnerability for society, and a rapidly growing number of email phishing attacks are taking advantage of a public in crisis.
Over three short months, the researchers also found that the number of email phishing attacks using a coronavirus theme increased significantly each month.
Barracuda Networks sums up what we can expect from bad actors: “Skilled attackers are good at leveraging emotions to elicit response to their phishing attempts… With the fear, uncertainty, and even sympathy stemming from the coronavirus COVID-19 situation, attackers have found some key emotions to leverage.” They find that three main types of phishing lures are currently targeting the public.
Email scams are in overdrive. They include using fake charities for donations, coronavirus cures, face masks and equipment, and investments in bogus companies claiming to be working on a vaccine cure.
Emotet Trojan and Lokibot are the most common types of malware found in coronavirus-themed phishing emails. Emotet is a popular banking Trojan designed to steal financial data from victims. Lokibot steals login credentials and other personal data. Both malware types use emails with infected attachments to enter systems.
Infected links in phishing emails are an effective way to steal your personal information. Many use legitimate health organizations for a cover, or simply make up a name that sounds important. Clicking the link takes users to spoofed (fake) login pages designed to steal as much sensitive information as possible.
Keeping It Real: Email Phishing Tips
- Suspect any email asking you to click on links and open attachments.
- Be on the lookout for emails from organizations you don’t normally get messages from, no matter how legitimate they seem, such as fraudulent emails claiming to be from the CDC.
- Watch for brand impersonation, especially those with ties to healthcare. Even though the email claims to be from a trusted source or brand, tread carefully.
- Donate directly to a vetted charity and don’t use email links to donation sites. If an organization asks for financial gifts in Bitcoin, it’s a huge red flag.
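For mail administrators who want to turn the tips above into an automated first-pass check, here is an added example (not part of the original article or any Barracuda tooling) that flags attachments, brand impersonation in the sender name, links whose visible text points somewhere other than the real target, and Bitcoin donation requests. The brand-to-domain table, the flag names, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brands to watch for and the domains they legitimately send from.
BRAND_DOMAINS = {"cdc": ("cdc.gov",), "who": ("who.int",)}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def in_domains(host, allowed):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def triage(raw):
    """Return a sorted list of red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    flags = set()
    name, addr = parseaddr(str(msg.get("From", "")))
    for brand, allowed in BRAND_DOMAINS.items():
        # Display name claims the brand, but the address is not on its domain.
        claims_brand = re.search(rf"\b{brand}\b", name, re.I)
        if claims_brand and not in_domains(addr.rpartition("@")[2], allowed):
            flags.add("brand-impersonation")
    for part in msg.walk():
        if part.get_filename():
            flags.add("attachment")
        elif part.get_content_maintype() == "text":
            text = part.get_content()
            for href, label in LINK_RE.findall(text):
                # Compare the host shown to the reader with the real target.
                shown = HOST_RE.search(re.sub(r"<[^>]+>", "", label))
                target = urlparse(href).hostname
                if shown and target and shown.group(1).lower() != target.lower():
                    flags.add("link-mismatch")
            if re.search(r"\b(bitcoin|btc)\b", text, re.I) and re.search(r"\bdonat", text, re.I):
                flags.add("bitcoin-donation")
    return sorted(flags)

# Constructed sample message (example.net is a reserved documentation domain).
SAMPLE = """\
From: "CDC Health Alert" <alerts@cdc-gov.example.net>
Subject: COVID-19 update
Content-Type: text/html; charset="us-ascii"

<p><a href="http://cdc-gov.example.net/login">https://www.cdc.gov/coronavirus</a></p>
<p>Donate to the relief fund in Bitcoin today.</p>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message with no flags is not proven safe; these checks only surface the warning signs listed in the tips.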