Pandemic Related Phishing Websites are on the Rise Since Covid-19 Start
Phishing scams have become more common than ever. That was not the case about 25 years ago, when the earliest phishing attack took place. Phishing has now become one of the deadliest and most dangerous threats, not only to businesses but also to individuals. Whether it targets an individual, a large corporate sector, or anything in between, it can have catastrophic consequences.
Phishing Attacks and New Opportunities for Cyber Criminals
The most successful types of phishing attacks usually combine several advanced social engineering tactics. They can also involve impersonating business partners, vendors, charities, government organisations, company executives, and CEOs. It’s important to note that phishing is one of the main attack vectors for ransomware, so it can wreak havoc indirectly and cause huge financial losses to organisations.
Phishing, just like any other cyberattack, has evolved over the course of the last 25 years, and it remains one of the most effective and common types of cyberattacks. According to a report by Sophos (a British security organisation), the COVID-19 pandemic has opened new doors and possibilities for phishing attacks, and cybercriminals have devised new strategies and techniques to take advantage of them.
COVID-19 and the Peak of Phishing Attacks
The international cybersecurity organisation Kaspersky has reportedly prevented more than one million distinct users from visiting websites related to the COVID-19 pandemic from March 2020 to July 2021. The security experts from Kaspersky observed and analysed the COVID-19 related phishing pages and spam emails that were developed to steal credentials. It allowed the company to better understand how cybercriminals exploit the global crisis caused by COVID-19.
The company has also reported that since the start of the pandemic, it has identified over 5,000 different COVID-19 related phishing websites. Free or discounted COVID-19 tests, fake payment offers, vaccination certificates for public events and restaurants, and fake QR codes generated by phishing ads are some of the most common techniques and strategies that cyber attackers use.
COVID-19 related spamming and phishing activity peaked in March of 2021. According to Kaspersky, there was a small decline in June 2020, but the cyber attackers intensified their efforts, and the company identified and clocked about 14 percent more spamming websites in June 2021 as compared to May 2021.
In most COVID-19 related fraud cases, cyber attackers tried to steal user credentials. Phishing is one of the best techniques to steal user credentials. An unaware person usually follows a link and is redirected to the phishing webpage. The user is then asked to enter sensitive information such as bank account information, user ID, password, contact information, and so on. After getting their hands on such information, cybercriminals can use it to steal money directly from the user’s bank.
That’s why it’s advisable to double-check every web page you see, especially those related to COVID-19, to make sure it comes from an official and reliable source. This is the recommendation of Alexey Marchenko, the head of Kaspersky’s Content Filtering Methods Department.
Cybercriminals and Attacks are Getting More Advanced
Because of the continued increase in cyberattacks, especially related to phishing, it’s estimated that all of our connected devices will constantly be under attack very soon. That’s because, with time, cyberattacks are becoming more sophisticated, incessant, and difficult to identify.
Cyber attackers are now even utilising the power of artificial intelligence to create smart malware. Although organisations are also working on different techniques and methods to overcome these challenges, the number of people falling victim to cyberattacks is continuously increasing.
It’s critical for organisations to understand that the landscape of cybersecurity and cyberthreats is evolving, and that their response should evolve with it. Otherwise, they’ll be left vulnerable to attacks that can cause irreversible and irreparable damage to both individuals and companies.
The cybersecurity experts recommend keeping the following points in mind to avoid phishing attacks.
- Always check any URL that you receive via message or email from an unknown source, and look for spelling mistakes in it. If there is one, consider it a red flag.
- It’s better to avoid URLs from all unknown sources.
- Observe URL redirects carefully and make sure they don’t send you to another similar-looking website with a slightly different name.
- If you receive an email from a familiar source, but it appears to be a little suspicious, then reply to the sender to confirm that the link is legitimate and trustworthy.
- Never share, post, or write your PII (Personally Identifiable Information) on any social media or unknown website. This information includes your phone number, email address, bank account information, birthday, and even your vacation plans. Attackers use such information to build a convincing narrative against you in order to steal your credentials.
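The URL checks in the list above (misspelled names, redirects that end on a similar-looking site) can be run automatically against a list of domains you already trust. The following Python is an added example, not part of the original article; the allowlist, the function names and the edit-distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; replace with the domains you trust.
OFFICIAL_DOMAINS = {"bank.example.com", "health.example.gov"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str, official=OFFICIAL_DOMAINS, max_distance: int = 2) -> str:
    """Return 'official', 'lookalike', 'unknown' or 'invalid' for a URL."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Exact match or a subdomain of an official domain.
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    for d in official:
        # Official name used as a prefix of an unrelated registrable domain.
        if host.startswith(d + "."):
            return "lookalike"
        # Misspelling: a few character edits away from the official name.
        if edit_distance(host, d) <= max_distance:
            return "lookalike"
    return "unknown"


def first_untrusted_hop(chain, official=OFFICIAL_DOMAINS):
    """Given the URLs of a redirect chain in order, return the first
    (url, verdict) whose verdict is not 'official', or None."""
    for url in chain:
        verdict = classify_url(url, official)
        if verdict != "official":
            return url, verdict
    return None
```

A verdict of "unknown" only means the host is neither trusted nor close to a trusted name; it is not a statement that the site is safe.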
Please check out Scamwatch for more examples and read tips on how to prevent being scammed.
How are Organisations Dealing with Phishing Attacks?
A survey by Sophos reveals that different people perceive and understand phishing attacks differently. About 57 percent of people believe that phishing attacks are all about emails that contain unreliable URLs and falsely claim to be sent by a legitimate organisation. These emails usually include a request or threat intended to obtain information.
The survey also shows that the government sectors don’t usually take the necessary steps, such as conducting cybersecurity awareness programs. That’s one of the biggest reasons why government sectors fall victim to phishing attacks more than private organisations.
Interestingly, 70 percent of the respondents of the Sophos survey said that their organisations had experienced more phishing attacks since the start of the COVID-19 pandemic. Fortunately, 90 percent of the respondents say that their organisations have started conducting some sort of cybersecurity programs in order to deal with phishing attacks. Moreover, 6 percent of the organisations said that they are planning to do so in the near future.
Such programs are one of the best ways to address the increasing number of phishing attacks, and all cybersecurity experts and security team leaders must understand this. Moreover, Mr Chester Wisniewski, the principal research scientist at Sophos, said that organisations should also try to keep phishing emails from reaching the intended recipients in the first place.
Written by The Original PC Doctor on 30/09/2021.