The Rise of COVID-19/Coronavirus Phishing Schemes

Note: To help combat the increased risk from phishing, GreatHorn is offering a Workforce Protection Program – giving organizations full access to the GreatHorn Email Security platform for free for 60 days without restriction on functionality.

For many of us – GreatHorn included – this week represents the first of what will likely be many weeks of working remotely. And while certainly pockets of the novel Coronavirus began to appear outside of China in February (Italy for example), for much of the US, COVID-19 didn’t rise in public prominence until late February as the first domestic deaths were reported.

Cybercriminals have long taken advantage of times of crisis, capitalizing on public attention and fears. The coronavirus / COVID-19 pandemic represents for them a perfect storm for exploitation – fear, personal interest, worldwide attention, disruptions to daily life and work habits, and unusual business practices and communication patterns.

With 10 weeks of data behind us, we can see how these threats have evolved as growing concern over the global health crisis spiked:

The dramatic increase is even more astonishing when you look at it month over month. As you see below, the number of attacks increase by 7x in February as compared to January:

With just two weeks of data in March, the frequency of attacks more than doubled again. In the first two weeks in March (March 1-14), we saw 15 times as many phish as we did for the entire month of January – making up more than 1.5% of all mail:

In analyzing the threats, we’ve seen malicious actors rely heavily on impersonation tactics (“official” CDC announcements and HR / executive communications, for example) and either masked or lookalike URLs (CDC, WHO, OneDrive, etc.), typically seeking credentials or either confidential or financial information.

Here are just a couple of the examples that we’ve seen:

Over the coming days, we’ll continue to post advice, examples, and information to help you better manage the increased risk COVID-19 represents. If you want to be sure to receive these updates, sign up for our Coronavirus/COVID-19 communications here.

Be sure also to check out our other resources:

Ready for a demo?

Schedule a personalized demo, and we'll show you:

  • Advanced analysis that identifies even the most sophisticated threats
  • In-the-moment warnings to educate employees
  • Robust search and remediation to reduce exposure time
  • Account takeover protection

...and a 5-minute deployment to get you up and running fast.