From October 2021 and January 2022, Barracuda researchers noted attacks increasing by 521%, with daily average peaking in early January, coinciding with a worldwide increase in demand for COVID tests because of the rapid spread of the Omicron variant.
This surge in ‘COVID test’-related phishing attacks is just the latest strategy that cybercriminals have employed throughout the course of the pandemic.
Back in March 2020, when COVID-19 started to spread rapidly, Barracuda researchers observed that COVID-related phishing attacks jumped 667%. Similarly, as vaccination programmes started to roll out at the start of 2021, so too did a new wave of vaccine-related email threats.
This recent analysis shows that cybercriminals are using a variety of tactics to get the attention of their victims by taking advantage of their desperation and anxiety. They include sending fake notifications of unpaid orders for COVID-19 tests, where the cybercriminal will provide a PayPal account to send payments to complete the purchase of rapid tests, and impersonating lab personnel or testing providers, sharing fake COVID-19 test results.
“Capitalising on the chaos of the pandemic is not a new trend in the world of cybercrime. But, with constantly evolving tactics, and new trends to take advantage of, it’s easy to see why cybercriminals continue to exploit the situation,” said Mark Lukie, systems engineer manager, Barracuda, Asia-Pacific.
He cautioned that just like the threat of COVID-19, pandemic-themed scams are not going to disappear overnight, but fortunately there are a number of tactics that businesses and consumers can employ to ensure they remain protected.
For a start, businesses can leverage sophisticated email security which utilises artificial intelligence to detect and block email attack tactics that are designed to bypass basic gateways and spam filters.
“Providing employees with up-to-date user awareness training about COVID-related phishing, seasonal scams, and other potential threats is a vital cybercrime prevention method, as is establishing and reviewing existing fraud detection policies, to ensure that personal and financial information is handled properly,” Lukie concluded.
