Phishing grows by 220% as cyber criminals leverage COVID-19 pandemic

Over half of all phishing websites mimicked large brands

phishing

According to new research, cyber crime has risen sharply as criminals continue taking advantage of the global coronavirus pandemic in their attacks. 

In its fourth Phishing and Fraud Report, cyber security firm F5 Labs has seen phishing attempts increase by 220% over the past few months. And there is no sign of this trend slowing down anytime soon, as F5 predicts the number of phishing attacks to grow 15% year-on-year. 

Most coronavirus-themed phishing campaigns have focused on fraudulent donations to fake charities, credential harvesting and malware delivery, explained F5. 

“The risk of being phished is higher than ever and fraudsters are increasingly using digital certificates to make their sites appear genuine,” said David Warburton, senior threat evangelist at F5 Labs. 

“Attackers are also quick to jump onto emotive trends and COVID-19 will continue to fuel an already significant threat. Unfortunately, our research indicates that security controls, user training and overall awareness still appear to be falling short across the world.”  

Opportunistic phishing attacks 

During the pandemic, attackers have been far more opportunistic with their attacks. When analyzing digital certificates, F5 discovered that 14,940 used the words “covid” and “corona” — allegedly, to evoke an emotional response from victims. 

What’s more, over half of phishing websites (52%) masqueraded as major brands. The most impersonated companies were Amazon, Paypal, Apple, WhatsApp, Microsoft Office, Netflix and Instagram.

After conducting a phishing attack, perpetrators would use the compromised passwords within four hours. And hackers conducted many of these attacks in real-time to obtain multi-factor authentication codes. 

Furthermore, around 20% of phishing URLs were WordPress sites, up from 4.7% three years ago, and cyber crooks used free domain names to make their attacks more cost-effective. 

In 2020, attackers have taken several steps to trick victims into thinking phishing websites are legitimate. For example, F5 found 72% of phishing websites used genuine HTTPS certificates, and 100% of drop zones employed TLS encryption.

Taking action against phishing

Warburton warned that people will continue to fall victim to these attacks "as long as there is a human that can be psychologically manipulated in some way."

Related Resource

Best practices for protecting remote work

Staying safe and secure while working from home

Download now

Therefore, he explained that "security controls and web browsers alike must become more proficient at highlighting fraudulent sites to users.”

He added, “Individuals and organizations also need to be continuously trained on the latest techniques used by fraudsters. Crucially, there needs to be a big emphasis on the way attackers are hijacking emerging trends such as COVID-19.”

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

Mutualink’s new interoperability platform offers real-time situational awareness
platform as a service (PaaS)

Mutualink’s new interoperability platform offers real-time situational awareness

2 Aug 2021
PwnedPiper flaws threaten infrastructure of 80% of US hospitals
Security

PwnedPiper flaws threaten infrastructure of 80% of US hospitals

2 Aug 2021
How to use machine learning and AI in cyber security
Security

How to use machine learning and AI in cyber security

30 Jul 2021
Chipotle’s marketing email hacked to send phishing emails
phishing

Chipotle’s marketing email hacked to send phishing emails

29 Jul 2021

Most Popular

Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021