Cybersecurity professionals are always on their toes, but even more so during a crisis such as the coronavirus pandemic. Cyber attackers are using the pandemic as an opportunity to take advantage of panic and fear. They are launching coronavirus-driven attacks to trick users into sharing their personal information.
In this article, you will learn about seven types of phishing attacks that cyber attackers are launching during this pandemic.
Here are seven common types of phishing attacks your business should keep an eye on.
People are taking a keen interest in real-time coronavirus statistics and maps. Hackers are taking advantage of this growing interest and creating compelling lures for malicious campaigns. Instead of using email, they are creating infection map websites and lacing them with the AZORult infostealer malware. Hackers are using a Java-based malware kit and the Johns Hopkins map to their advantage. These kits are easily available for $700 and allow cybercriminals to ramp up operations.
In today’s age of misinformation and fake news, it is important that you get your information from authoritative sources. Most people will tell you to follow the advice of the World Health Organization and not pay attention to anything else. The bad guys know that too and are creating phishing hooks by posing as a reputable health organization such as the Centers for Disease Control or the World Health Organization. Researchers at Sophos have found that these cybercriminals are sending fake advisory emails to capitalize on the urgency of the situation. The main purpose of these emails is to trick users into sharing their login credentials.
The coronavirus pandemic is wreaking havoc on the world’s economy and leaving millions jobless. This has forced governments to act quickly and create legislation to provide relief funds to individuals and bailout packages to businesses. Hackers want to join in too, as they are busy creating phishing ploys that mimic government correspondence to trick users into sharing their account credentials. These types of scams are currently targeting people in countries like the USA, UK and Australia but can extend to other countries and become a global scam very quickly.
There is a surge in demand for coronavirus testing kits around the world. That is why cybercriminals are busy designing scams around the availability of these testing kits. According to the Federal Communications Commission (FCC) and the Better Business Bureau (BBB), hackers are using not only emails but also robocalls and text messages.
The Federal Communications Commission further adds that it has noticed a spike in robocalls related to coronavirus. These calls lure users with work-from-home opportunities, student loan repayment plans and debt consolidation. These robocalls are not limited to consumers but are also targeting small and mid-size businesses.
According to a researcher at Bitdefender, cyber attackers are launching DNS hijacking attacks that target the routers and network equipment remote workers depend on for connectivity. These DNS hijacking attacks divert users to coronavirus-themed web pages containing malware. These web pages might ask you to download COVID-19 informational apps, but they are used to deliver malicious info-stealer payloads. When a user visits such a web page or downloads the app, the malware is delivered to the device and infects it. This allows hackers to hijack
Researchers at DomainTools found that cybercriminals are actively working on creating fake COVID-19 tracking apps that contain ransomware. One of the best examples in this regard is an app called CovidLock. The app uses a screen lock attack and forces Android users to change the password they use for locking the screen. Once they change the password, that password is stolen and used by hackers to launch ransomware attacks and get access to data stored on your device. Soon, your data becomes inaccessible or stolen and the attacker might ask you to pay a ransom to get your data back.
Trend Micro researchers found a watering hole attack that targets iOS users through malicious news links. Once a user clicks on one of these malicious links, it executes mobile malware. What’s even more interesting is that these news links are legitimate and come from authoritative news sources that are shared on popular online forums. Even the posts shared on different social media channels and communities look genuine.
This makes it almost impossible to detect these malicious links. These links contain hidden iframe code that executes and allows hackers to exploit vulnerabilities found in different versions of the iOS mobile operating system. These types of attacks deliver a malware variant called LightSpy, which is loaded onto the victim’s device.
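A defender-side check for the hidden iframe technique described above, as an added example that is not from the original article or from Trend Micro: it scans saved page HTML and reports iframes a reader could not see. The function names, the hiding heuristics and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline styles that keep an element out of the reader's sight.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
VOID = set("area base br col embed hr img input link meta source track wbr".split())

def hiding_reasons(attrs):
    """Reasons a tag's own attributes make it invisible (empty if none)."""
    a = {k: (v or "").strip() for k, v in attrs}
    reasons = ["hidden attribute"] if "hidden" in a else []
    if HIDING_STYLE.search(a.get("style", "")):
        reasons.append("hiding inline style")
    reasons += [f"{d}={a[d]}" for d in ("width", "height") if a.get(d) in ("0", "1")]
    return reasons

class HiddenIframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.open_tags = []  # (tag, hides_content) for each open ancestor
        self.findings = []   # (src, reasons) for each invisible iframe

    def handle_starttag(self, tag, attrs):
        reasons = hiding_reasons(attrs)
        if tag == "iframe":
            if any(hides for _, hides in self.open_tags):
                reasons.append("hidden ancestor")
            if reasons:
                self.findings.append((dict(attrs).get("src") or "", reasons))
        if tag not in VOID:  # void elements never contain children
            self.open_tags.append((tag, bool(reasons)))

    def handle_endtag(self, tag):
        names = [t for t, _ in self.open_tags]
        if tag in names:  # pop back to the matching open tag, tolerating unclosed ones
            del self.open_tags[len(names) - 1 - names[::-1].index(tag):]

def find_hidden_iframes(html):
    finder = HiddenIframeFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page: one visible embed and two invisible frames.
SAMPLE = """<img style="display:none" src="p.gif">
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="https://a.invalid/x" style="width:0;height:0;border:0"></iframe>
<div style="display: none"><iframe src="https://b.invalid/y"></iframe></div>"""
```

Calling `find_hidden_iframes(SAMPLE)` reports the two `.invalid` frames and leaves the visible video embed alone. The check reads only attributes and inline styles, so frames hidden through a stylesheet class or injected by script at load time need a rendered-DOM inspection instead.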
How do you protect your business from pandemic-centric phishing attacks? Let us know in the comments section below.