Evolution of Phishing Attacks During the Pandemic


Brad Slavin, CEO of DuoCircle LLC

Friday, January 29, 2021

Cyber-attacks involving phishing aren’t a new phenomenon. However, during the COVID-19 pandemic cybercriminals took advantage of the global panic and disruption to launch dedicated phishing attacks on businesses. This article discusses the evolution of these attacks in the last year.


The COVID-19 pandemic was a situation that no organization could have anticipated. Cyber intruders took this opportunity to spread fake news and use phishing techniques to gain remote access to organizations' networks. Since businesses were more concerned about business continuity and had weak mitigation plans, malicious actors adapted to the realities of remote work and telecommuting and impersonated trusted tech platforms. For instance, Zoom, Google Meet and Skype users were some of the most popular targets of this manipulative cybercrime.

Phishing attacks in statistics

Cyber attackers used phishing to trick victims and steal their financial information or other sensitive data using emails that contain malware or backdoors. Threat actors used spoofed websites that closely resembled the original websites and tricked people into giving away login credentials. The work-from-home culture made phishing a more lucrative opportunity for the threat actors. The following graph represents the increase in spoofed websites visited between February and March.

A graph showing the rise in Phishing attacks over Feb/March 2020 - at the beginning of the pandemic for many countries

Why the pandemic era witnessed a rise in phishing emails: motives behind the attacks

Phishing is one of the most widely used social engineering techniques due to its ease of implementation and higher success rate for malicious actors. Intruders used such phishing techniques during the pandemic, mainly for financial fraud or credential harvesting, as discussed below:

Financial frauds

Threat actors usually demanded a one-time payment from targets, claiming that payers would get a reward in return for charity to other organizations. Such campaigns also asked users for their card credentials or bank details and stored this sensitive information for future use. In addition to using card details for payment, cybercriminals also sell the information on the dark web to other cybercriminals with similar intentions. They gained bank details through:

  • Formjacking, a type of cyber skimming
  • Scams that asked for user details
  • Spoofed websites that resembled original banking websites
  • Breached databases containing financial information

Credential harvesting

Usernames, passwords and other credentials are readily available on the dark web, and malicious actors share or sell such sensitive information for money. The buyer can use this information to initiate attacks on targeted victims or may resell the data. This information is used primarily for financial fraud or theft of intellectual property. Since businesses have recognized that credential phishing has been evolving amid COVID-19 and have started mitigating it, attackers are now using content phishing for attacks.

What were the types of phishing techniques used?

A single technique won’t be applicable for all kinds of cyberattacks, and adversaries are well aware of this. Initially, they study the target and devise various attack strategies based on the target's type and cybersecurity defense. Amid the pandemic, malicious actors employed three main types of phishing techniques:

  • General: An indiscriminate phishing attack in which many random victims are targeted, and unsuspecting users who aren’t careful enough end up losing any crucial information they provide.
  • Semi-targeted phishing: Such attacks are generally well-planned and occur against a group of people or an organization's employees who aren’t expected to have enough information on how malicious actors run phishing campaigns.
  • Spear-phishing: A sophisticated attack in which a particular entity, especially one with authorization to high-level administration (such as a COO or CFO), is targeted.

Two standard phishing practices that malicious actors deployed during the pandemic are discussed below:

  • Using a phishing site: Attackers usually clone an original website by copy-pasting the HTML code from the source and deploy it on another URL, with striking similarities to trick the user into thinking it’s genuine.
  • Developing similar URLs: Even though malicious actors can clone the websites entirely, it’s impossible to implement the clone on the same URL as that of the original website. Instead, cybercriminals make minor changes to the URL and add various authentication digital signatures and HTTPS certificates to make the site appear more genuine.
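For defenders, the similar-URL technique described above can be screened for by comparing the hostname of a link against the domains the organisation really uses. The following is an added example, not code from the original article; the allowlist, verdict strings and the two-label domain approximation are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the example: domains the organisation really uses.
TRUSTED = ("zoom.us", "skype.com", "google.com")
# Digit-for-letter swaps commonly used to make a hostname look familiar.
CONFUSABLES = str.maketrans("01358", "olesb")

def edit_distance(a, b):
    """Levenshtein distance, computed with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return a verdict for the hostname in `url`.

    The scheme is ignored on purpose: an HTTPS certificate shows the
    connection is encrypted, not that the domain belongs to the brand.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"  # internationalised label: send for manual review
    folded = host.translate(CONFUSABLES)
    # Approximation (assumption): the last two labels are the registrable
    # domain. A production check would use the Public Suffix List instead.
    candidate = ".".join(folded.split(".")[-2:])
    for t in TRUSTED:
        if edit_distance(candidate, t) <= 2:
            return "lookalike:" + t
    for t in TRUSTED:
        if t.split(".")[0] in folded:  # brand name used inside another domain
            return "brand-in-host:" + t
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real campaign.
    for u in ("https://zoom.us/j/123", "https://z00m.us/login",
              "https://skype.com.account-verify.example/signin"):
        print(u, "->", classify(u))
```

An edit-distance threshold of 2 will also flag some unrelated short domains, so verdicts other than "trusted" are best treated as triage signals for review rather than automatic blocks.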

What are the steps businesses can take to safeguard their virtual working environments?

While the pandemic witnessed a rise in the number of phishing attacks, the good news is that businesses can take a few steps to secure their systems against such attacks. These are discussed below:

  • Businesses must consider the benefits of moving to the cloud and adopting SaaS, IaaS and PaaS according to the business needs, ditching the traditional on-premise way of handling their software needs
  • They must carry out regular employee training programs to make them aware of the risks
  • They must configure the virtual private network (VPN) properly
  • Businesses must introduce security elements for teleconferencing
  • There must always be a ready-made plan to identify and mitigate supply chain and third-party risks

Final thoughts

The sudden switch to a work-from-home environment left businesses scrambling to find cost-effective solutions to ensure business continuity. They ignored the most crucial aspect – IT systems' security. However, there was a silver lining in the rising number of phishing attempts during the pandemic. Enterprises have started taking cybersecurity more seriously and taking proactive measures to improve their cybersecurity posture and keep malicious actors at bay.

Brad Slavin

Brad Slavin is a security industry veteran and the General Manager at DuoCircle LLC, a cloud email security firm. Before joining DuoCircle, Brad began his career in network security by founding a regional ISP in California and was the co-founder of wireless wardriving and security software Netstumber.com, which was the recipient of the “Editor’s Choice” – Laptop Magazine & Ziff-Davis i3 Award for innovation.

