#COVID19 Phishing Emails Surge 500% on Omicron Concerns
The latest COVID-19 variant has led to a 521% increase in phishing attacks using the virus as a lure to trick users into clicking, according to Barracuda Networks.
Cyber-criminals often use newsworthy events in their social engineering attacks, and COVID-19 provided a bumper opportunity when it emerged in 2020.
The security vendor observed a 667% month-on-month surge in COVID-19 phishing emails from February to March that year. It recorded another significant increase when new vaccines were released at the start of 2021.
Now public concern over the highly transmissible Omicron variant is catching the eye of phishers.
Among the tactics used to trick users into clicking on malicious links and/or entering personal details are offers of counterfeit or unauthorized COVID-19 tests and protective equipment such as masks or gloves.
Some impersonate testing labs and providers, or even employees sharing their results, said Barracuda.
In other phishing emails, the user may receive a fake notification for an unpaid order of tests and is urged to provide their PayPal details to complete delivery of the kit, the vendor claimed.
Barracuda Networks CTO, Fleming Shi, said the answer lies in improving employee phishing awareness training and plugging in advanced email security.
“Capitalizing on the chaos of the pandemic is not a new trend in the world of cybercrime. Yet with constantly evolving tactics, and new trends to latch on to, it’s easy to see why scammers are not giving up on this trick,” he added.
“Just like the threat of COVID-19, pandemic-themed scams are not going to disappear overnight, but fortunately, there are a number of tactics that businesses and consumers can employ to ensure they remain protected.”
In related news, a Comparitech study this week claimed that unscrupulous healthcare workers are enabling a massive black market in COVID-19 digital vaccination certificates and passes.
The researchers found dark web adverts looking for any such workers who empathize with the anti-vaxxers buying these passes.
“When someone buys a fraudulent certificate, they must first sign up for their country’s respective COVID vaccination database. They send their name, PIN number and other necessary info to the vendor,” Comparitech explained.
“A doctor or other healthcare worker marks that person’s record with confirmed vaccination. The buyer’s QR code then becomes valid. It takes just a few hours for the process to complete once a purchase is made.”
More Stories
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google...
Friday Squid Blogging: Sunscreen from Squid Pigments
They’re better for the environment. Blog moderation policy. Read More
Compromising the Secure Boot Process
This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than...
Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain
Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of...
Hacktivists Claim Leak of CrowdStrike Threat Intelligence
CrowdStrike has acknowledged the claims by the USDoD hacktivist group, which has provided a link to download the alleged threat...
CrowdStrike Falcon Outage Exploited for Social Engineering
Cyber threat actors are exploiting the CrowdStrike Falcon outage to conduct social engineering attacks. Here's what the CIS CTI team...