Cybercriminals are specializing in phishing attacks during pandemic

Get a free Techzine subscription!

The latest report from one of the top cybersecurity firms, Kaspersky, revealed that cybercriminals are advancing their phishing attacks. These criminals are taking advantage of the ongoing COVID-19 pandemic to develop new ideas on how to deploy their malware.  

Researchers from Kaspersky said that the attackers are now using phishing attacks that have been diversified to include different formats.  

Based on an analysis conducted on popular social engineering tactics, Kaspersky discovered that fraudsters created fake websites and emails that contained the available products and services that an ordinary customer would want to buy.

The popular products advertised as part of their malicious plan to attract potential victims, who would later succumb to their attacks.

New techniques

It was also noted that many of the built websites appeared to be sloppy, implying that the cybercriminals were not particularly keen on cultivating a sense of authenticity in the sites. The report found four new phishing techniques used during the coronavirus pandemic.

The approaches majored in impersonation, fake communications, postal services, and phony HR emails.

  • Impersonation
    The criminals used delivery services for impersonation. They would send out a fake parcel notification to a potential victim. The notification would contain malicious attachments containing information on the shipment that a victim would be prompted to open and let the malicious files run.
  • Postal Services
    Criminals would use postal services to deliver spyware installers hidden in postal receipts and eventually spy on the potential victims.
  • Fake Communications
    Meanwhile, fraudsters interfered with bank account transactions. The criminals sent out fake communications on bonus schemes as part of luring people into disclosing crucial information.
  • Fake HR emails
    The final approach that the criminals used was sending fake HR emails so that victims would open an attachment and download a malicious file known as Trojan-Downloader.MSOffice.SLoad.gen.

With proper awareness, phishing can be reduced. The next several months will unleash even more attacks, which is why everyone has to be vigilant.

Tip: Cybercrime becomes more sophisticated: ‘we can’t continue like this.’