New phishing campaigns impersonating the World Health Organization (WHO) and conferencing platforms like Zoom, Interpol, and Europol are on the rise. Security researchers have observed a 30 percent increase in the number of COVID-19 related cyberattacks during a single week. Over the past three weeks, researchers discovered 192,000 such attacks every week.
COVID-19 phishing campaigns on the rise
According to CheckPoint, about 20,000 new coronavirus-domains have been registered over the past three weeks, out of which 17 percent happens to be malicious or suspicious.
Coronavirus-related frauds and scams are not new. We know that hackers have been trying to cash in on the on-going panic caused by the rising number of COVID-19 cases. But what could be the reasons behind a sudden spike in the number of phishing campaigns?
The earlier Verizon report showed that 32 percent of corporate data breaches start with phishing attacks and that’s alarming. Meanwhile, 78 percent of cyberespionage incidents involved phishing.
Previously, Google witnessed 18 million daily malware and phishing attempts over two weeks, in addition to 240 million COVID-related spam messages, and websites falling under the food retail sector continue to experience more attacks than others since the outbreak.
As per the FTC data, COVID-related scams and frauds have cost Americans over $13 million in losses and most of these complaints were about fake charity and refund-related fraud.
Between the period of February and March, researchers saw a 656 percent jump in the average daily Coronavirus-related domain name registrations, and those numbers are only growing.
“…So it’s no surprise that criminals will keep on trying to trick users into giving up sensitive information by taking advantage of the interest around the pandemic, and impersonating well-known organizations and companies such as the World Health Organization (WHO), Zoom, Microsoft or Google,” says CheckPoint.
Hackers impersonate WHO, Zoom, Interpol, Europol
Healthcare workers continue working under extreme pressure in their fight against the pandemic but unfortunately, in some cases, attackers are even trying to trick healthcare workers into falling for phishing scams, courtesy of Coronavirus Prevention Seminar that is nothing but a phishing scam.
Researchers show how cybercriminals are impersonating WHO to carry on with their phishing campaigns. Cybercriminals use the email subject line such as “Urgent letter from WHO: First human COVID-19 vaccine test/result update” to lure victims, asking for funds to be sent to compromised Bitcoin wallets.
Due to the rising demand for video-conferencing services these days, attackers were also caught using fake domains to impersonate popular video-conferencing apps such as Zoom, to spread their phishing campaigns.