Phishing emails have spiked by over 600% since the end of February as cyber-criminals look to capitalize on the fear and uncertainty generated by the COVID-19 pandemic, according to Barracuda Networks.
The security vendor observed just 137 incidents in January, rising to 1188 in February and 9116 so far in March. Around 2% of the 468,000 global email attacks detected by the firm were classified as COVID-19-themed.
As is usually the case, the attacks used widespread awareness of the subject to trick users into handing over their log-ins and financial information, and/or unwittingly downloading malware to their computers
Of the COVID-19 phishing attacks, 54% were classified as scams, 34% as brand impersonation attacks, 11% blackmail and 1% as business email compromise (BEC).
As well as the usual lures to click through for more information on the pandemic, some scammers are claiming to sell cures and/or face-masks, while others try to elicit investment in companies producing vaccines, or donations to fight the virus and provide support to victims.
“This is a new low for cyber-criminals, who are acting like piranha fish, cowardly attacking people on mass when they are at their most vulnerable,” argued MP Dean Russell, member of the Health and Social Care Select Committee. “It’s vital that the public remain vigilant against scam emails during this challenging time.”
Unfortunately, computer users are as exposed as ever to phishing scams like these, according to new research.
Security awareness training company KnowBe4 claimed that 38% of untrained end users are susceptible to phishing, i.e. they will fail realistic phishing scenarios. This is up by over 8% from 2019 figures.
The good news is that this average dropped 60% after 90 days of phishing training with real-world simulation exercises, the vendor claimed.