The COVID-19 pandemic has created unprecedented challenges for individuals, businesses, and governments around the world. Unfortunately, cybercriminals have been quick to exploit the crisis for their own gain. Here’s an in-depth look at how cybercriminals are capitalizing on the pandemic.
Phishing and Malware Attacks Related to COVID-19
Cybercriminals have been carrying out phishing and malware campaigns that lure victims with COVID-19 themes. Phishing refers to emails that appear legitimate but contain links or attachments that install malware or steal sensitive information.
- I have received phishing emails pretending to be from the WHO or other health organizations that contain infected attachments on COVID-19 safety measures.
- Attackers have also created fake donation pages, shopping sites, and apps that claim to track the virus but actually infect devices with malware.
- Phishing and malware attacks often rely on the heightened public interest and anxiety surrounding COVID-19 to get people to click. By capitalizing on medical themes, cybercriminals are exploiting people’s fears about the pandemic.
Scams Related to Economic Stimulus Packages
Many governments have introduced COVID-19 economic stimulus and support packages. Cybercriminals are carrying out scams and frauds related to these programs.
- I have seen emails offering fake government grant applications that steal personal and financial information.
- There are also robocall scams that pretend to be from governmental agencies and ask for bank details to deposit stimulus checks.
- These scams take advantage of people’s need for government assistance during the pandemic. By masquerading as official bodies, criminals are able to steal sensitive data.
Targeting of Remote Workers and Businesses
With more people working remotely due to lockdowns, cybercriminals have increased attacks targeting telecommuting infrastructure.
- Attackers are exploiting the rapidly deployed virtual private networks (VPNs) and communication platforms used by remote workers.
- Businesses in sectors disrupted by COVID-19 (e.g. manufacturing, tourism) are being targeted with ransomware and data theft extortion.
- Many organizations have had to enable remote work quickly, leaving their systems and employees vulnerable. Cybercriminals are capitalizing on the expanded “attack surface.”
Disinformation Campaigns
The pandemic has also seen a massive rise in disinformation as attackers promote conspiracy theories and false cures.
- Social media posts, fake news sites, and text messages have spread COVID-19 conspiracy theories that create fear or distrust of health guidance.
- Disinformation also promotes phony cures or treatments, sometimes using these falsehoods to sell products.
- By spreading false COVID-19 information, cybercriminals can profit from scared people, disrupt official health efforts, or undermine confidence in government.
The COVID-19 crisis has created an opportunity for online criminals to steal data, make money, and sow social discord. As the pandemic continues, individuals and organizations need to be vigilant about cybersecurity and information sharing. Implementing protections, verifying sources, and staying alert to new threats will help mitigate the risks posed by these attackers exploiting COVID-19.
