Why COVID-19 is helping cyber criminals.
Why COVID-19 is helping cyber criminals.
It’s no secret that the COVID-19 pandemic has claimed hundreds of thousands of lives around the globe, and challenged economic progress. Unfortunately, even at a time when many people are unemployed with limited or no savings, phishing scams related to COVID-19 have been on the rise too.
These scams have become more targeted with more sophistication as scammers move beyond previous themes to pandemic-relevant ones – unemployment and welfare benefits, stimulus packages, etc.
Millions of people across the country worry whether they will be able to find new jobs, retain current ones, receive benefits on time, and question if businesses will ever recover. Surviving the pandemic becomes harder every day.
Lockdowns due to COVID-19 causing people to stay home more frequently result in people using the Internet more than ever before. From keeping in touch with family, working from home, searching for new information, or learning new skills, more people using the Internet has not gone unnoticed by scammers with experience in taking advantage of people’s fears or curiosities to gain trust and steal privacy and/or money.
25% of COVID-related domains are suspicious or malicious
A recent study revealed scammers taking advantage of the COVID-19 pandemic to produce new phishing scams by evolving with new techniques to increase operational success.
In one example, while phishing campaigns initially were constructed around the scarcity of masks, pandemic information, or testing kit availability, many of the newer emerging campaigns are based on questions or concerns about welfare or unemployment benefits, or stimulus packages and cheque statuses.
While it may be tempting to look at overall trends and determine phishing activities related to COVID-19 have decreased, statistics show the opposite. Researchers have identified over 1,200 domains related to COVID-19 being registered every day, with 25% deemed suspicious or malicious. Of 600,000 sampled domains related to COVID-19, researchers identified over 125,000 malicious websites, most of them being used for phishing scams. The campaigns target people concerned about losing jobs, if children will return to school, and other legitimate concerns. Similar to the “second wave” of COVID-19, these questions and concerns will fuel the second peak of suspicious activity.
“This is the next battlefront in the digital pandemic,” said Sean McGrath, cyber security expert.
Unfortunately, a majority of the public is unprepared. A recent study found that only 5% of the public are able to detect and differentiate between phishing scam emails and genuine emails. As a result, it’s a near guarantee that phishing scams taking advantage of pandemic-related concerns are likely to succeed.
What can Internet users do to combat COVID-19 phishing scams?
Internet users need to maintain a level of suspicion and stop taking incoming messages and emails at face value. Any message or email with a tone of urgency, that asks for personal information from its recipient must be treated with a high level of caution.
Internet users should also be suspicious of shortened website URLs as well. Just because a site has the “safe” padlock symbol or uses SSL encryption (https), double-checking a URL before it’s clicked should always be done.
Back in May the NCSC reported the British public had flagged over 160,000 emails in the first two weeks, many of them offering limited supplies such as face masks or COVID-19 testing kids. Due to the active reporting on the part of Internet users, the government’s cyber-security team was able to trace and remove over 300 websites found to be bogus, an exceptional response due to the vigilant British public.
If you would like to secure your workforce’s internet browsing habits, speak to us today.