Hackers Get Creative in Latest COVID-19-Fueled Phishing Tactics

Phishing continuously evolves as hackers constantly improve their tactics to net more victims. But the COVID-19 pandemic has sparked their imaginations and created a notable surge in phishing creativity. MSSPs need to add these new tactics to their security measures and client employees’ phishing training to keep everyone aware and informed. Here are some of the most notable and newest phishing threats.

Who knows who WHO is? IBM X-Force recently identified a new HawkEye malware variant distributed in emails spoofing the Director-General of the World Health Organization, Dr. Tedros Adhanom Ghebreyesus. That email campaign began on March 19 and continues today, according to the X-Force researchers.

Specifically, the spam email has attachments with Agent Tesla malware which deploys a keylogger and info stealer. The emails are personalized for each recipient by a username stripped out of the email address. And the emails claim to be from Dr Tedros Adhanom Ghebreyesus, Director-General of WHO – instead of the organization in general – to gain credibility with recipients, the researchers said.

KnowBe4’s James McQuiggan

“Unfortunately, the pandemic entices criminals to increase their social engineering and phishing email scams and target people’s fear with false information. The criminals rely on fear and the appetite for information to lure people to open attachments or click the links to load malware onto their systems,” said James McQuiggan, security awareness advocate at KnowBe4.

Fake OneDrive logins. There’s a new global work-from-home phishing campaign that uses a fake OneDrive login in a credential-stealing scam.

“We are seeing more phishing emails that are trying to trick users into giving their credentials through a faked login page. Threat actors are actively utilizing this pandemic to attempt to compromise individuals’ accounts and organization’s networks,” said Mimecast researchers. “The potential for human error will inevitably increase and we expect to see more of these phishing attempts in the coming days and weeks.”

Customer support chatbots steal personal information. A new phishing scam discovered by MalwareHunterTeam targets Russian victims using a “customer support” to notify them of a refund for unused internet or cellphone services. The chatbot scheme is likely to expand the victim count to include people in other countries.

“If it’s too good to be true, it probably is — a famous quote, but one that is a recommended warning to be heeded when it comes to online ads, pop-ups or emails. In this case, the attackers are luring the victims with the promise of money and many are unknowingly falling for it,” said McQuiggan.

McQuiggan says the best prevention is to verify the website or the organization providing the opportunity and reply there.

“Checking to see if the company is real or ignoring it completely and closing the window is recommended. There are a lot of ads which are online scams that utilize click bait to entice people to click a link,” said McQuiggan.

“The victim is then prone to give up sensitive information or provide access to their social media accounts, which in turn leads to the criminal hackers gaining access to more information about the victim to leverage against their own contacts, friends and family,” McQuiggan added.

Google registers a 350% Increase in phishing websites. According to data and analysis by Atlas VPN, “the number of phishing websites spiked by 350% during the coronavirus pandemic. This led to the number of registered phishing sites to rocket to over half a million in March 2020.”

Highlights of the report on the researchers’ findings include:

• In January, Google registered a total of 149,195 active phishing websites. In February, the number increased by 50%, reaching 293,235 of registered phishing websites.
• Comparing March to January, the number of phishing websites increased by 350%, reaching 522,495 in total.
• The number of coronavirus-related phishing websites hit a total of 316,523 in March.
• The number of suspicious websites containing COVID-19 related keywords – more than 67,000 – peaked on March 21.

AtlasVPN’s Rachel Welsh

“Hackers identified coronavirus as something users are desperate to find information on. Panic leads to irrational thinking and people forget the basics of cybersecurity. Users then download malicious files or try to purchase in-demand items from unsafe websites, in result becoming victims of scams,” said Rachel Welsh, COO of Atlas VPN.

As protective measures against COVID-19 continue for the foreseeable future in nearly every country, more creative phishing tactics will emerge. MSSPs are now burdened to spot them quickly and guard their clients against them.