I read a great article last week by Risk Based Security – a leader in vulnerability intelligence – about modern phishing attempts (please see here) and how Coronavirus Fear and Anxiety Drives Phishing Scams. “malicious attackers are targeting unsuspecting people on the web.”
This article said there was a “tendency to associate phishing with crude boilerplate emails, dubious attachments, and poor attention spans”. But, sophisticated “attackers were spoofing system update prompts or redirecting users to pages with all sorts of dubious code.”
But it gets worse. Cyber thieves and ID theft criminals didn’t are already taking advantage of fear and anxiety surrounding the global COVID-19 pandemic.
Risk-Based Security then released another article titled Coronavirus Isn’t the Only Virus Going Around (please see here) reporting that “malicious attackers will always find new ways to target individuals and organizations. This time, hackers are installing malware on computers and harvesting user credentials by preying on people’s curiosity and fear of the coronavirus (COVID-19).”
Phishing Example
One new phishing example is where “scammers pose as the Centers for Disease Control (CDC) advising that there are new COVID-19 cases reported in the user’s city and requesting that they follow a link to learn more. From there, clicking the provided URL covertly redirects the user to a spoofed login page. If the user completes the process by providing their credentials, they are now compromised.”
The Major Cause
For years I have written and spoken on how IT and hacking are the sizzle that makes the news headlines. However, the vast majority of data breach events are the result of phishing emails and not high technology hacking tools.
According to the FBI’s Internet Crime Complaint Center (IC3) 2019 Internet Crime Report (please see here), phishing scams were the most common type of internet crime last year where 114,000 U.S. consumers lost more than $57.8 million in 2019 as the result of phishing.
Let’s not forget…
that cyber and ID theft criminals pretend to be trustworthy to trick people into handing over personal details or account information. Now COVID-19 related scams are showing up in multiple locations including the internet, your work email, and your personal email.
Based on the severity of our national emergency and because of Coronavirus Fear and Anxiety Drives Phishing Scams – we need to be diligent and aware of the numerous phishing emails and scams in the foreseeable future.
By Mark Pribish
Vice President and ID Theft Practice Leader