COVID-19 related phishing attacks grew by 600% worldwide

COVID-19 related phishing attacks grew by 600% worldwide


Security researchers have discovered a 600% rise in the number of phishing emails worldwide that used Coronavirus-related themes to target individuals and businesses.

In its Q1 2020 Top-Clicked Phishing Report, security firm KnowBe4 revealed that phishing email attacks related to COVID-19 increased by 600% in the first quarter of the year. According to the firm, 45 percent of all phishing attacks asked Internet users to either check or type in their passwords on malicious domains that spoofed legitimate ones.

The second most popular phishing attacks used COVID-19-related themes to create urgency and anxiety among recipients worldwide. The rest of the phishing attacks mainly targeted social media users and asked potential victims to check their emails for new login alerts, password resets and unauthorised access alerts.

“The bad guys are opportunists and they will use every chance they get to take advantage of people’s heightened emotions during crisis situations such as this one by trying to entice them to click on a malicious link or download an attachment laced with malware,” said Stu Sjouwerman, CEO of KnowBe4.

“It’s no surprise that we’re seeing an explosion of phishing attacks related to the coronavirus because people are actively seeking more information about it. End users should be especially careful with any email they receive related to COVID-19 and immediately report suspicious looking emails to their IT department.”

Following are the top 10 phishing subject lines used by cyber criminals as observed by KnowBe4:

·         Password Check Required Immediately

·         CDC Health Alert Network: Coronavirus Outbreak Cases

·         PTO Policy Changes

·         Scheduled Sever Maintenance – No Internet Access

·         Test of the [[company_name]] Emergency Notification System

·         Revised Vacation & Sick Time Policy

·         De-activation of [[email]] in Process

·         Please Read Important from Human Resources

·         Someone special sent you a Valentine’s Day ecard!

·         You have been added to a team in Microsoft Teams


The firm also observed the following subject lines being used in the wild by cyber criminals:

·         List of Rescheduled Meetings Due to COVID-19

·         SharePoint: Coronavirus (COVID-19) Tax Cut Document

·         Confidential Information on COVID-19

·         IT: Work from home – VPN connection

·         Comcast: Notification from Carl Vargas

·         Microsoft: Your meeting will begin soon

·         HR: New Employee Stock Purchase Plan

·         Vodafone: Caller Alert: Msg Received Today

·         Amazon Chime: Vonage invites you to join vonage_303136

·         Parking Authority: Parking Ticket: Pay Charge


In late March, researchers at KnowBe4 also identified a phishing scam that involved phishers luring Internet users to download malicious documents attached to fake emails that appeared to have been sent by a hospital.

The fake emails sent by the phishers informed recipients that they recently came into contact with an acquaintance who had COVID-19, thereby creating a sense of anxiety among those who received such emails. Recipients were asked to download an Excel document attached to the emails and proceed to the nearest emergency clinic for testing.

“You recently came into contact with a colleague/friend/family member who has COVID-19 at Big Country, please print attached form that has your information prefilled and proceed to the nearest emergency clinic,” a copy of the fake emails read.

“This email is simple, succinct, and alarming. Moreover, it spoofs a hospital, lending additional credibility to this particular social engineering scheme, which is clearly designed to elicit a panicked response from readers and override any form of rational, measured thought,” said KnowBe4.

“Users who make the mistake of following the directions provided in that Excel file and enable macros will be kicking off a download process for a sophisticated and dangerous backdoor trojan that currently enjoys a moderate (though rising) number of detections among the anti-malware engines represented on VirusTotal.

“This fairly nasty piece of malware (first reported to VirusTotal on Mar. 27, 2020) sports a number of advanced functions that allow it to evade detection by security applications, worm its way deep into an infested system, and serve as a platform for a variety of criminal activities,” the firm added.

Copyright Lyonsdown Limited 2021

Top Articles

Double trouble: the rising threat of double-extortion ransomware

Ransomware attackers continue to threaten businesses at an increasing scale, speed and sophistication.

The blurring line between nation-state and cyber-criminals

Russia is widely known to be involved in a plethora of cyber-criminal activity.

XDR: Delivering value where SIEMs fail

Implementing an XDR solution means faster detection, and remediation of cyber incidents

Related Articles

[s2Member-Login login_redirect=”” /]