With Covid-19 cases on the rise amid the spread of the Omicron variant, cybercriminals are yet again exploiting the pandemic to conduct more attacks, according to a report by Barracuda.
According to the report, there has been a rise in email scams related to Covid-19 tests as the demand for Covid tests has increased.
Barracuda researchers witnessed a spike in Covid test-related phishing attacks over the past couple of months. Since early October 2021, test-related scams have increased by 521 per cent.
Scammers have been adopting various tactics to get the attention of their victims. These range from emailing offers to sell Covid tests and other medical supplies such as masks or gloves to selling counterfeit or otherwise unauthorised products.
Scammers are also sending out fake notifications of unpaid orders for Covid tests, providing a PayPal account to receive the payment needed to complete the purchase of rapid Covid tests. Some fraudsters have also been impersonating legitimate employees of healthcare and lab test providers to share fake test results.
With some organisations working to get their staff back to the office, scammers send out updated policies or request information on employees’ vaccination status. Hackers hijack these conversations.
In one example found as part of Barracuda’s research, cybercriminals impersonated an HR department and shared a file hosted on a phishing site with employees in hopes of stealing their account credentials.
“The attackers went as far as impersonating the Office 365 logo and stating that the document has already been scanned for virus and spam content,” as per the report.
James Forbes-May, Vice President, APAC at Barracuda Networks said, “Covid-19 has disrupted everyone’s health and mental sanity for almost two years now. The latest variant has brought yet another opportunity for the scammers to take advantage of the people seeking Covid-19 tests.”
“So, it is crucial to stay mindful while clicking on suspicious links or opening attachments in these unexpected emails and divulging any personal information when seeking a test, regardless of it being a legitimate site,” Forbes-May said.
The report further emphasised the need to deploy a solution that detects and protects against spear-phishing attacks, including brand impersonation, business email compromise, and email account takeover.
“A purpose-built technology that doesn’t rely solely on looking for malicious links or attachments can be deployed. Organisations can use machine learning to analyse standard communication patterns and spot anomalies that indicate an attack. Deploying technology that uses artificial intelligence can also help organisations identify compromised accounts, alert users in real-time, and remove malicious emails sent from compromised accounts,” it said.
It is also necessary to educate users about spear-phishing attacks to help them avoid such scams. Organisations must provide their employees with up-to-date user awareness training about Covid-related phishing, seasonal scams, and other potential threats.
“Moreover, to help the employees avoid making costly mistakes, companies should create guidelines and set strong internal procedures to confirm all email requests for wire transfers and payment charges, thereby preventing potential fraud,” it further said.