#COVID19 Phishing Emails Surge 500% on Omicron Concerns
The latest COVID-19 variant has led to a 521% increase in phishing attacks using the virus as a lure to trick users into clicking, according to Barracuda Networks.
Cyber-criminals often use newsworthy events in their social engineering attacks, and COVID-19 provided a bumper opportunity when it emerged in 2020.
The security vendor observed a 667% month-on-month surge in COVID-19 phishing emails from February to March that year. It recorded another significant increase when new vaccines were released at the start of 2021.
Now public concern over the highly transmissible Omicron variant is catching the eye of phishers.
Among the tactics used to trick users into clicking on malicious links and/or entering personal details are offers of counterfeit or unauthorized COVID-19 tests and protective equipment such as masks or gloves.
Some impersonate testing labs and providers, or even employees sharing their results, said Barracuda.
In other phishing emails, the user may receive a fake notification for an unpaid order of tests and is urged to provide their PayPal details to complete delivery of the kit, the vendor claimed.
Barracuda Networks CTO, Fleming Shi, said the answer lies in improving employee phishing awareness training and plugging in advanced email security.
“Capitalizing on the chaos of the pandemic is not a new trend in the world of cybercrime. Yet with constantly evolving tactics, and new trends to latch on to, it’s easy to see why scammers are not giving up on this trick,” he added.
“Just like the threat of COVID-19, pandemic-themed scams are not going to disappear overnight, but fortunately, there are a number of tactics that businesses and consumers can employ to ensure they remain protected.”
In related news, a Comparitech study this week claimed that unscrupulous healthcare workers are enabling a massive black market in COVID-19 digital vaccination certificates and passes.
The researchers found dark web adverts looking for any such workers who empathize with the anti-vaxxers buying these passes.
“When someone buys a fraudulent certificate, they must first sign up for their country’s respective COVID vaccination database. They send their name, PIN number and other necessary info to the vendor,” Comparitech explained.
“A doctor or other healthcare worker marks that person’s record with confirmed vaccination. The buyer’s QR code then becomes valid. It takes just a few hours for the process to complete once a purchase is made.”
More Stories
Friday Squid Blogging: Squid Sticker
A sticker for your water bottle. Blog moderation policy. Read More
Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe
OpenAI must also initiate a six-month public awareness campaign across Italian media, explaining how it processes personal data for AI...
Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers
The Security Service of Ukraine has accused Russian-linked actors of perpetrating a cyber-attack against the state registers of Ukraine Read...
LockBit Admins Tease a New Ransomware Version
The LockBitSupp persona said LockBit 4.0 will be launched in February 2025 Read More
Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns
The FBI has issued a warning about the Hiatus RAT malware targeting Xiongmai and Hikvision web cameras and DVRs, urging...
CISA Urges Encrypted Messaging After Salt Typhoon Hack
The US Cybersecurity and Infrastructure Security Agency recommended users turn on phishing-resistant MFA and switch to Signal-like apps for messaging...