Phishing grows by 220% as cyber criminals leverage COVID-19 pandemic

Over half of all phishing websites mimicked large brands

phishing

According to new research, cyber crime has risen sharply as criminals continue taking advantage of the global coronavirus pandemic in their attacks. 

In its fourth Phishing and Fraud Report, cyber security firm F5 Labs has seen phishing attempts increase by 220% over the past few months. And there is no sign of this trend slowing down anytime soon, as F5 predicts the number of phishing attacks to grow 15% year-on-year. 

Most coronavirus-themed phishing campaigns have focused on fraudulent donations to fake charities, credential harvesting and malware delivery, explained F5. 

“The risk of being phished is higher than ever and fraudsters are increasingly using digital certificates to make their sites appear genuine,” said David Warburton, senior threat evangelist at F5 Labs. 

“Attackers are also quick to jump onto emotive trends and COVID-19 will continue to fuel an already significant threat. Unfortunately, our research indicates that security controls, user training and overall awareness still appear to be falling short across the world.”  

Opportunistic phishing attacks 

During the pandemic, attackers have been far more opportunistic with their attacks. When analyzing digital certificates, F5 discovered that 14,940 used the words “covid” and “corona” — allegedly, to evoke an emotional response from victims. 

What’s more, over half of phishing websites (52%) masqueraded as major brands. The most impersonated companies were Amazon, Paypal, Apple, WhatsApp, Microsoft Office, Netflix and Instagram.

After conducting a phishing attack, perpetrators would use the compromised passwords within four hours. And hackers conducted many of these attacks in real-time to obtain multi-factor authentication codes. 

Furthermore, around 20% of phishing URLs were WordPress sites, up from 4.7% three years ago, and cyber crooks used free domain names to make their attacks more cost-effective. 

In 2020, attackers have taken several steps to trick victims into thinking phishing websites are legitimate. For example, F5 found 72% of phishing websites used genuine HTTPS certificates, and 100% of drop zones employed TLS encryption.

Taking action against phishing

Warburton warned that people will continue to fall victim to these attacks "as long as there is a human that can be psychologically manipulated in some way."

Related Resource

Best practices for protecting remote work

Staying safe and secure while working from home

Download now

Therefore, he explained that "security controls and web browsers alike must become more proficient at highlighting fraudulent sites to users.”

He added, “Individuals and organizations also need to be continuously trained on the latest techniques used by fraudsters. Crucially, there needs to be a big emphasis on the way attackers are hijacking emerging trends such as COVID-19.”

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Russian spy agencies warn of US cyber retaliation
hacking

Russian spy agencies warn of US cyber retaliation

25 Jan 2021
SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Global ransom DDoS extortionists are retargeting companies
distributed denial of service (DDOS)

Global ransom DDoS extortionists are retargeting companies

22 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021