Capitalizing on a Crisis: Phishing Attacks During COVID-19

Reading Time: 3 minutes


What would be your reaction to a pickpocket who was caught stealing from health care professionals tending to COVID-19 patients in an emergency room? Shock, outrage, anger, and indignation! Here is a group of health care professionals who are serving others and are so focused on the crisis that they are distracted from watching their pockets or purses.

But that’s just what we have in cybersecurity right now: threat actors are taking advantage of users around the world whose thoughts are focused on hand washing, social distancing, and other life-saving defenses during this COVID-19 pandemic. And like pickpockets in an emergency room, these threat actors are taking advantage of this distraction and are capitalizing on a crisis.

Beware of Spear Phishing Attacks

According to Barracuda Networks, there has been a steady increase in coronavirus-related spear phishing attacks since the beginning of 2020. In January, only 137 such phishing attacks were detected. That jumped to 1,188 coronavirus-related spear phishing attacks in February. But in the first three weeks of March a 667 percent increase was detected. And these attacks are growing exponentially.

A variety of different phishing campaigns are trying to take advantage of our distracted focus on COVID-19. These campaigns are designed to distribute malware, steal user credentials, and scam victims out of their money. In terms of numbers, 54 percent of the phishing attacks in March were scams, 34 percent were brand impersonation attacks, 11 percent were blackmail, and 1 percent were business email compromise (BEC).

And drilling down to the specific attacks reveals just how low cybercriminals will go.

In one phishing blackmail attack, the threat actors claim to have access to personal information about the user, including where they live. The attackers then threaten to visit the user and infect them and their family with COVID-19 unless they pay a ransom. Over a span of two days this attack was detected over 1,008 times.

Fake Cures, Supplies and Companies

Many of the phishing scams offer to sell coronavirus cures or face masks. Some scams ask for investments in fake companies that claim to be developing vaccines. Other phishing scams ask for donations for fake charities, such as the “World Health Community” (this organization does not exist, but the name is similar enough to the World Health Organization that it causes confusion).


Other phishing attacks result in malware infecting the victim’s computer. Email subject lines such as “Breaking Coronavirus News Update” or “One Thing You Must Do” are common and can cause unsuspecting victims to click on the email link. Some phishing attacks claim to be from the Center of Disease Control (CDC) with a list of new cases “around your city” and go on to say, “You are immediately advised to go through the cases above to avoid potential hazards.” But clicking on the link causes malware to be installed on your computer that attempts to steal your Microsoft Exchange password.

Shock, outrage, anger, and indignation!

So, what is being done? And what should we do?

Last Wednesday (Mar 25 2020) the domain registrar Namecheap announced that it would no longer accept any new application for a domain name that included the words “coronavirus,” “covid,” and “vaccine,” or other versions of words and phrases alluding to COVID-19 (legitimate companies and website owners can apply for a domain name containing one of the now-banned words by contacting Namecheap’s support team and going through a manual review process). Denying these words as part of a domain name could help keep users from being confused by domain names that appear to be authentic.

Protecting Yourself

But this is only a small drop in the bucket. The real burden falls upon us to protect ourselves.

Be extra cautious during these times when you are reading your emails. Even if the email looks genuine, have a strong degree of skepticism of everything you receive.

  • Do not open an attachment or click on a link, even if it appears to come from someone you know or looks like a reputable source.
  • Be particularly cautious of emails claiming to be from sources from whom you normally would not receive emails. (Remember, the CDC is not going to send you emails; they’re rather busy right now!).
  • Be equally cautious of emails that look like they are from organizations or users from whom you normally receive correspondence. “Brand impersonation” is a skill that threat actors have honed to a sharp razor’s edge.
  • When you choose to make a donation, do not reply to an email asking for money. And no reputable charity is taking donations through Bitcoin wallets! You can search for legitimate organizations online to whom you can send your money.
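
Three of the signals this article names can be checked mechanically before a message reaches a reader: pandemic keywords in a link's domain, a sender name that impersonates a health body, and a donation request pointing at a Bitcoin wallet. The sketch below is an added example, not part of the original article; the sender list, finding labels and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Keywords Namecheap stopped registering automatically, per the article.
LURE_WORDS = ("coronavirus", "covid", "vaccine")
# Assumption: display-name fragments worth protecting and their real domains.
KNOWN_SENDERS = {"cdc": "cdc.gov", "world health": "who.int"}
# Shape-only match for legacy and bech32 Bitcoin addresses (no checksum).
BTC_RE = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[0-9a-z]{25,59})\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def body_text(msg):
    chunks = []
    for part in msg.walk():  # covers single-part and multipart mail
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    """Return a sorted list of findings for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    body = body_text(msg)
    findings = set()
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        # Host only: a real site may use these words in its path.
        if any(word in host for word in LURE_WORDS):
            findings.add("lure-domain:" + host)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for claimed, real in KNOWN_SENDERS.items():
        if claimed in name.lower() and domain != real and not domain.endswith("." + real):
            findings.add("impersonation:" + claimed)
    if BTC_RE.search(body):
        findings.add("bitcoin-request")
    return sorted(findings)

# Constructed sample messages (not real traffic).
CDC_LURE = ('From: "CDC Alerts" <alerts@cdc-gov.example>\n'
            "Subject: Breaking Coronavirus News Update\n\n"
            "New cases around your city: http://covid-cases.example/list\n")
DONATION = ('From: "World Health Community" <give@whc-relief.example>\n'
            "Subject: Donate today\n\n"
            "Send donations to 1ExampLeConstructedAddr9876543xyz\n")
LEGIT = ('From: "CDC" <news@cdc.gov>\n'
         "Subject: Weekly update\n\n"
         "Read more: https://www.cdc.gov/coronavirus/index.html\n")
```

A finding is a reason to quarantine or banner the message for review, not proof of fraud; the keyword check inherits the same limits as the registrar ban it mirrors.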

These attackers will stop at nothing to capitalize on a crisis. Don’t help them out.