Malicious threat actors are using COVID-19 as a means to exploit users in recent attacks including, but not limited to, credential phishing, malware, and payroll fraud. There has been a steadily increasing number of these types of attack as the virus spreads and media coverage heightens.
In fact, in the Abnormal Security Threat Center, which tracks phishing attacks against our customer base, we have seen a 90 percent increase in COVID-19 related attacks over the past week. The majority of attacks are driven by COVID-19 spam, which increased by 150 percent over the last week. Our analysts predict that these attacks will only continue to rise as the virus persists, as attackers take advantage of the pandemonium caused by COVID-19.
These malicious threat actors utilize techniques such as social engineering, email spoofing, and brand impersonation to deceive the user. The level of sophistication ranges from unsolicited spam messages regarding Personal Protection Equipment (e.g., face masks, far-range thermometers, etc.) to impersonations of entities such as the Centers for Disease Control and Prevention and major multinational financial institutions.
Since the federal government approved the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), many Americans are expecting their stimulus check deposits. However, attackers are exploiting this by impersonating financial institutions to gain access to users’ bank credentials.
When users click on the link, they are taken to a phishing website that closely imitates the impersonated financial institution's site.
Attackers have also specifically targeted executives and payroll employees as companies transition their workforce to work from home. Abnormal Security caught the following attack, which impersonated an HR and payroll services company and contained a convincing phishing page.
If you are interested in learning more and staying up-to-date with COVID-19 related attacks, visit our Abnormal Security COVID-19 Resources Center.