Phishing more focused on new “excuses” by COVID-19


Phisher capitalizes on corona

13 augustus 2020
Phishing is one of the oldest and most flexible forms of cyber attacks. New times bring new developments, also with regard to phishing. Kaspersky’s analysis shows that such attacks are increasingly targeting smaller companies, but also that the COVID-19 outbreak has led to new pishing tactics, such as other ‘excuses’ to obtain information.

These and other findings are documented in Kaspersky’s new spam and phishing report in Q2 2020.

Phishing is a strong method of attack because it is done on such a large scale. By sending huge waves of emails under the name of legitimate institutions or promoting fake pages, cyber criminals entice unwary users to enter personal information, such as financial information, or social media account credentials. This opens doors to malicious operations, such as stealing money or compromising corporate networks. However, the first six months of 2020 have shown new developments in phishing.

Targeted attacks: focus on small businesses
Kaspersky analysis showed that phishers carried out more and more targeted attacks in the second quarter of 2020, with the main focus on small businesses. In order to attract attention, fraudsters falsified emails and websites of organizations whose products or services could be purchased by potential victims. When creating these fake assets, fraudsters often weren’t even trying to make the site look authentic.

Covid-19 outbreak creates new pishing tactics
In addition, a number of new tricks have also been found – from HR dismissal emails, to attacks disguised as delivery notifications. The COVID-19 outbreak created new phishing possibilities, for example in terms of the ‘excuses’ that fraudsters use when they ask for personal information:

  • Delivery services. At the height of the pandemic, organizations responsible for delivering letters and packages were in a hurry to notify recipients of possible delays. Fraudsters began faking emails like these, asking victims to open an attachment to find out the address of a warehouse where they could pick up a shipment that didn’t reach its destination.
  • Postal services. Another new form was a message with a small image of a receipt. The scammers hoped that the intrigued recipient would accept the attachment (which contained ‘JPG’ in the name) as a full version and open it. The Noon spyware was found in mailings such as this one investigated by Kaspersky.
  • Financial services. Bank phishing attacks in the second quarter were often carried out using emails that offered various benefits and bonuses to credit institution customers because of the pandemic. Emails contain a file with instructions or links for more details. As a result, depending on the scheme, fraudsters could gain access to users’ computers, personal information or authentication information for various services.
  • HR services. The weakening of the economy during the pandemic caused a wave of unemployment. Cyber ​​fraudsters, on the other hand, were busier than ever. For example, Kaspersky came across several mailings announcing changes to the medical leave procedure, or surprising the recipient with the news of their dismissal. Some appendices contained a Trojan-Downloader.MSOffice.SLoad.gen file. This Trojan is mostly used for downloading and installing encryptors.

“When summarizing the results of the first quarter, we already assumed that COVID-19 would be the main topic for spammers and phishers at this time. And this turned out to be the case. Except for a few mailings, where the pandemic did not In was mentioned, phishers simply adapted their methods to the COVID-19 situation and came up with new tricks, ”says Tatyana Sidorina, security expert at Kaspersky.

Prevent phishing
Kaspersky advises users to take the following measures to protect themselves against phishing:
– Always check online addresses for unknown or unexpected messages, be it the web address of the site being referred to, the link address in a message, or even the sender’s email address, to make sure they are real and that the link in the message does not hide another hyperlink.
– Never enter login details when in doubt whether the website is genuine and secure. If a login and password may have been entered on a fake page, immediately change the password and call the bank or other payment provider if there is a chance that card information has been compromised. Use a good security solution with behavioral anti-phishing technologies.


Please enter your comment!
Please enter your name here