There will always be ne’er-do-wells preying on the fears and concerns of people. Case in point – COVID-19 being used by cybercriminals to conduct phishing operations.
Since the start of the pandemic in March 2020, Kaspersky has recorded 5 000 websites using COVID-19 to lure users.
The websites are a mix of discounted COVID-19 tests and more nefarious things like selling fake vaccination certificates.
“In most cases of pandemic-related fraud the goal of cybercriminals is to obtain users data. Phishing is often used for this: a user follows a link from an advert or email and gets to a page where he is asked to enter personal information and bank card details. Having obtained such information, attackers can use it, for example, to steal money from banking accounts,” says head of Content Filtering Methods Development at Kaspersky, Alexey Marchenko.
Those 5 000 websites were what Kaspersky spotted, but there are many more threats out there that leverage COVID-19.
In a report by Interpol between March and April of 2020, 2 022 malicious domains and 40 2361 high risk domains had been registered. Interpol doesn’t state what those domains were being used for but we suspect the intent was malicious.
Business Email Compromise seems to be the attack vector of choice however, because cybercriminals can leverage ransoms, steal money outright or put a blockade in a businesses processes. As we’ve seen recently, larger businesses have paid ransoms just to be able to continue operations.
With so much danger online it’s important to practice good cybersecurity hygiene. This includes using strong passwords, changing passwords regularly, backing up important files and using the most up-to-date software and security solutions.
You should also be cautious when it comes to clicking links to website you don’t recognise and opening emails that look suspicious.