Increase of the Phishing attacks in the COVID-19 situation

No alt text provided for this image

Novel CoronaVirus is not only posing a grave danger in the real world, but it is also posing a threat to the cyberworld. Cybercriminals are exploiting the public fears about this deadly virus using phishing attacks.

Phishing is a technique used by cybercriminals to send genuine-looking emails and make the user take actions. These actions can be replying with personal information or clicking the link in the email and doing some transactions etc.

One such scenario is, a user receives an email impersonating as the Incometax department saying that he has a tax refund. He can transfer that refund to his account by clicking on the link that is provided in the email and just give the bank account and login details on the page. This page will look like the Incometax department's page, but it is not, and the user's details are compromised. Money is siphoned off from the bank using these details.

In the COVID-19 situation, many users receiving phishing emails impersonating as a software/antivirus company, saying that they are giving their software for free for work from home. This free software can contain malware or malicious software when installed and will infect the computer.

Some types of malware

Ransomware - Once infected, this malware can encrypt documents in the computer and demand a ransom in the form of Bitcoins to decrypt the files.

Keylogger – This malware can record whatever the user is typing, including the login credentials for a bank or an email account, and send it to the hacker.

Remote Access Trojan or RAT - This malware can give full remote access of the infected computer to a hacker. This hacker can watch what the user is browsing, or he can remotely activate the web camera and watch, or he can read the documents on the computer.

Zombies or bots - This malware even though it is harmless to the computer but controlled remotely to participate in the Distributed Denial of Service (DDOS) attacks to bring down the websites or networks.

Other examples of phishing emails based on COVID-19     

·       Email impersonating as HR of the company asking users to review the work from home policy, in the attached (malicious) word file.

·       Email impersonating as HR that a colleague is tested COVID-19 positive and check the attached (malicious) document on how to keep safe from the virus.

·       Email impersonating as the CEO of the company asking an employee to join in the video conference by clicking the link. This link can download malware.

·       Email impersonating as the IT Help desk, asking the users to download and install the (malicious) VPN software for work from home.

·       Email impersonating as the health department asking users to install (malicious) software on their mobile phones.

Tips to prevent yourself from being a victim to the phishing attacks

  • Beware of online requests for personal information - A coronavirus-themed email that seeks personal data like your bank login information is a phishing scam. Never respond to the email with your bank login details or any other personal data of yours.
  • Check the email address or link – Always check the from address to see if the email is sent from your organization or your bank. Also, check the links in the email if they point to the actual domain your
  • Watch for spelling and grammatical mistakes – Check for spelling and grammatical errors and determine if the email is a phishing email or not.
  • Avoid emails that insist you act now - Phishing emails create a sense of urgency and demand immediate action. They want you to click on a link and provide personal information — right now or make you do a financial transaction. If the email looks genuine, call the person for confirmation and then act.
  • Backup - Always backup your data either in the CVS, GIT, on cloud or external drive

Views: 99

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform


Security Trends and Emerging Technologies That A CISO Should Adopt In 2021

Started by Priyanka Aash on Wednesday. 0 Replies

What are the challenges you as a CISO have been facing since the last year and share some security trends that are catching up? Help the community by sharing your knowledge and personal views on this subject. Or if you have any specific questions…Continue

CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30, 2020. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by Yogesh Nov 19, 2020. 2 Replies

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20, 2020. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

Follow us

Contact Us


Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2021   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

/* */