COVID-19 Scams Rising Again
The latest omicron variant has led to another spike in COVID-19 cases as well as phishing attacks. That’s according to Barracuda’s latest threat spotlight.
As demand for COVID-19 tests increased in recent weeks, the number of scams exploiting the scarcity of tests also went up. Barracuda researchers have seen an increase in COVID-19 test-related phishing attacks over the past couple of months. Between October and January, the number of COVID-19 test-related scams increased by 521%. The daily average peaked in early January, declining recently before starting to trend upward again.
Cybercriminals are taking advantage of the heightened focus on COVID-19 testing and the ongoing scarcity of tests to launch phishing attacks. Scammers are using different tactics to get the attention of their victims.
Some of the most common scams included:
- Offers to sell COVID-19 tests and other medical supplies such as masks or gloves. Some of these scams are selling counterfeit or otherwise unauthorized products.
- Fake unpaid notifications for COVID-19 test orders. Scammers provide a PayPal account to send payments to complete purchases of rapid tests, counting on the desperation of their victims.
- Impersonation of either labs, testing providers or individual employees sharing fake COVID-19 test results.
Olesia Klevchuk is principal product marketing manager at Barracuda. She said to keep COVID-19 phishing scams from succeeding, MSPs can take advantage of artificial intelligence (AI), deploy account-takeover protection, train staffers to recognize and report attacks, and set up strong internal policies to prevent fraud.
“Hackers will continue to use this theme in the future as long as the pandemic dominates headlines,” she said. “They use the latest and most top-of-mind topics. Spring 2020 it was COVID-19 and remote working. Winter 2021 there was an uptick in vaccine-related attacks. Now it’s COVID-19 tests as demand is so high. With the U.S. government launching [its] free-tests program, I won’t be surprised to see some impersonation attacks urging victims to register for free tests on the fake phishing sites. It’s worth noting that [the] absolute volume of these attacks remains low. But that’s what contributes to their success. They are targeted, play on fear and sense of urgency, while relying on information that is top of mind for many. All of these are perfect characteristics of a social engineering attack.”
