Phishing grows by 220% as cyber criminals leverage COVID-19 pandemic

Over half of all phishing websites mimicked large brands

phishing

According to new research, cyber crime has risen sharply as criminals continue taking advantage of the global coronavirus pandemic in their attacks. 

In its fourth Phishing and Fraud Report, cyber security firm F5 Labs has seen phishing attempts increase by 220% over the past few months. And there is no sign of this trend slowing down anytime soon, as F5 predicts the number of phishing attacks to grow 15% year-on-year. 

Most coronavirus-themed phishing campaigns have focused on fraudulent donations to fake charities, credential harvesting and malware delivery, explained F5. 

“The risk of being phished is higher than ever and fraudsters are increasingly using digital certificates to make their sites appear genuine,” said David Warburton, senior threat evangelist at F5 Labs. 

“Attackers are also quick to jump onto emotive trends and COVID-19 will continue to fuel an already significant threat. Unfortunately, our research indicates that security controls, user training and overall awareness still appear to be falling short across the world.”  

Opportunistic phishing attacks 

During the pandemic, attackers have been far more opportunistic with their attacks. When analyzing digital certificates, F5 discovered that 14,940 used the words “covid” and “corona” — allegedly, to evoke an emotional response from victims. 

What’s more, over half of phishing websites (52%) masqueraded as major brands. The most impersonated companies were Amazon, Paypal, Apple, WhatsApp, Microsoft Office, Netflix and Instagram.

After conducting a phishing attack, perpetrators would use the compromised passwords within four hours. And hackers conducted many of these attacks in real-time to obtain multi-factor authentication codes. 

Furthermore, around 20% of phishing URLs were WordPress sites, up from 4.7% three years ago, and cyber crooks used free domain names to make their attacks more cost-effective. 

In 2020, attackers have taken several steps to trick victims into thinking phishing websites are legitimate. For example, F5 found 72% of phishing websites used genuine HTTPS certificates, and 100% of drop zones employed TLS encryption.

Taking action against phishing

Warburton warned that people will continue to fall victim to these attacks "as long as there is a human that can be psychologically manipulated in some way."

Related Resource

Best practices for protecting remote work

Staying safe and secure while working from home

Download now

Therefore, he explained that "security controls and web browsers alike must become more proficient at highlighting fraudulent sites to users.”

He added, “Individuals and organizations also need to be continuously trained on the latest techniques used by fraudsters. Crucially, there needs to be a big emphasis on the way attackers are hijacking emerging trends such as COVID-19.”

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

22 Apr 2021
What is hacktivism?
hacking

What is hacktivism?

22 Apr 2021
Geico data breach leads to stolen driver’s license numbers
data breaches

Geico data breach leads to stolen driver’s license numbers

21 Apr 2021

Most Popular

REvil threatens to release Apple’s hardware schematics
ransomware

REvil threatens to release Apple’s hardware schematics

21 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Samsung Galaxy S21 Ultra review: Ultra in every sense of the word
Mobile Phones

Samsung Galaxy S21 Ultra review: Ultra in every sense of the word

22 Apr 2021