COVID-19 Being Used as Phishing Attack Bait

By April 22, 2020Alert

Phishing campaigns and scams related to Covid-19 have been exploding since January. This trend isn’t just being lead by criminals. Government-backed hackers around the world are getting in on the action, exploiting the pandemic as cover for digital reconnaissance and espionage.

On Wednesday, Google’s Threat Analysis Group published findings about two of the state-sponsored campaigns it’s been tracking. So far Google has found more than 12 state-sponsored hacking groups that are using the coronavirus to as a basis for phishing emails and to disseminate malware.

According to Google, their systems have “detected 18 million malware and phishing Gmail messages per day related to COVID-19, in addition to more than 240 million COVID-related daily spam messages.” This doesn’t represent a marked increase in activity by government-backed hackers, but is a change in tactics. These groups always look to target vulnerable subjects, and the coronavirus is ripe for exploitation.

Bad actors are using tried and true tricks with COVID-19 as the bait. Some messages offer free meals or coupons in response to the virus, while others try to get recipients to visit sites disguised as online ordering or delivery options. In some cases malware is being injected directed into emails that pretend to be from health organizations. Government employees, overwhelmed by response efforts, are being targeted with these phishing emails.

Sendio’s email security products help to ensure that these kind of dangerous emails never reach end users. Greatly minimizing the risk that malware, phishing, or ransomware attacks will be successful.