Phishing grows by 220% as cyber criminals leverage COVID-19 pandemic

Over half of all phishing websites mimicked large brands

According to new research, cyber crime has risen sharply as criminals continue taking advantage of the global coronavirus pandemic in their attacks. 

In its fourth Phishing and Fraud Report, cyber security firm F5 Labs has seen phishing attempts increase by 220% over the past few months. And there is no sign of this trend slowing down anytime soon, as F5 predicts the number of phishing attacks to grow 15% year-on-year. 

Most coronavirus-themed phishing campaigns have focused on fraudulent donations to fake charities, credential harvesting and malware delivery, explained F5. 

“The risk of being phished is higher than ever and fraudsters are increasingly using digital certificates to make their sites appear genuine,” said David Warburton, senior threat evangelist at F5 Labs. 

“Attackers are also quick to jump onto emotive trends and COVID-19 will continue to fuel an already significant threat. Unfortunately, our research indicates that security controls, user training and overall awareness still appear to be falling short across the world.”  

Opportunistic phishing attacks 

During the pandemic, attackers have been far more opportunistic with their attacks. When analyzing digital certificates, F5 discovered that 14,940 used the words “covid” and “corona” — allegedly, to evoke an emotional response from victims. 

What’s more, over half of phishing websites (52%) masqueraded as major brands. The most impersonated companies were Amazon, Paypal, Apple, WhatsApp, Microsoft Office, Netflix and Instagram.

After conducting a phishing attack, perpetrators would use the compromised passwords within four hours. And hackers conducted many of these attacks in real-time to obtain multi-factor authentication codes. 

Furthermore, around 20% of phishing URLs were WordPress sites, up from 4.7% three years ago, and cyber crooks used free domain names to make their attacks more cost-effective. 

In 2020, attackers have taken several steps to trick victims into thinking phishing websites are legitimate. For example, F5 found 72% of phishing websites used genuine HTTPS certificates, and 100% of drop zones employed TLS encryption.

Taking action against phishing

Warburton warned that people will continue to fall victim to these attacks "as long as there is a human that can be psychologically manipulated in some way."

Related Resource

Best practices for protecting remote work

Staying safe and secure while working from home

Download now

Therefore, he explained that "security controls and web browsers alike must become more proficient at highlighting fraudulent sites to users.”

He added, “Individuals and organizations also need to be continuously trained on the latest techniques used by fraudsters. Crucially, there needs to be a big emphasis on the way attackers are hijacking emerging trends such as COVID-19.”

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

What are biometrics?
Security

What are biometrics?

27 Nov 2020
Black Friday's best antivirus deals
Security

Black Friday's best antivirus deals

27 Nov 2020
Veritas Access Appliance with IBM Spectrum® Protect
Server & storage

Veritas Access Appliance with IBM Spectrum® Protect

27 Nov 2020
Ransomware protection with Veritas NetBackup Appliances
Security

Ransomware protection with Veritas NetBackup Appliances

27 Nov 2020

Most Popular

46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020