With the increase in demand for Covid-19 tests over the past weeks due to the latest Omicron variant, the hackers are back at exploiting the pandemic to conduct more attacks, according to a report.
According to researchers from Barracuda Networks, a cloud-enabled security solutions provider, since early October 2021, Covid test-related phishing attacks have increased by 521 percent.
Scammers have been opting for different tactics to get the attention of their victims.
They are sending offers on emails to sell Covid tests and other medical supplies such as masks or gloves. Some of these are selling counterfeit or otherwise unauthorized products.
Fake notifications of unpaid orders of Covid tests are also being sent out where scammers have provided a PayPal account to receive payments to complete the purchase of rapid Covid tests.
Malicious fraudsters have also been impersonating healthcare workers and lab test providers as legitimate employees to share fake test results.
Further, as some organizations try to get their staff back to the office, they send out updated policies or request information on employees’ vaccination status. Hackers hijack these conversations.
In one specific example found in Barracuda’s research, cybercriminals impersonated an HR department and shared a file hosted on a phishing site with employees in hope of stealing their account credentials.
The attackers went as far as impersonating the Office 365 logo and stating that the document has already been scanned for virus and spam content.
“Covid-19 has disrupted everyone’s health and mental sanity for almost two years now. The latest variant has brought yet another opportunity for the scammers to take advantage of the people seeking Covid-19 tests,” James Forbes-May, Vice President, APAC at Barracuda Networks, said in a statement.
“It is crucial to stay mindful while clicking on suspicious links or opening attachments in these unexpected emails and divulging any personal information when seeking a test, regardless of it being a legitimate site,” he added.
As scammers can adapt their email tactics to bypass gateways and spam filters, it is critical to have a solution that detects and protects against spear-phishing attacks, including brand impersonation, business email compromise, and email account takeover.
Organizations can use machine learning to analyze standard communication patterns and spot anomalies that indicate an attack.
Deploying technology that uses artificial intelligence can also help organizations identify compromised accounts, alert users in real-time, and remove malicious emails sent from compromised accounts, the report suggests.