The Strange Irony of COVID-19’s Effect on Certain Phishing Attacks
Quick Answer
COVID-19 produced an inverse pattern in phishing: pandemic-themed lures (fake CDC alerts, vaccine signups, stimulus check scams) exploded while certain pre-pandemic specialties slumped because the underlying fraud chain broke. Digital Shadows tracked criminal forums where event-ticket fraudsters posted that "everything is closed for 2 weeks," bank-fraud operators struggled to complete physical cash-out runs, and Amazon-package mules lost the delivery network when non-essential shipments stopped. The pattern is temporary: when conditions normalize, the dormant categories return at full strength on top of any new ones. The takeaway for defenders is that phishing volume reflects opportunity, not appetite, attackers do not retire, they pivot. Continuous link-time scanning, MFA, and user training matter more than chasing the theme of the moment.
While the pandemic known as COVID-19 is causing a dramatic increase in coronavirus-themed phishing attacks, it’s strangely having the opposite effect on other phishing attacks.
When it comes to phishing attacks, hackers tend to “specialize” in a certain type of phishing attack. And as things turn out, some of these “specialists” are really feeling the pinch from COVID-19. A lot of people are struggling in this economy, and apparently some of them are bad guys.
According to an article The CyberWire, “some types of criminals are feeling economic pain. Opportunities for travel and event fraud have essentially dried up. Gangs who specialize in bank fraud are having difficulty completing their theft if it requires a physical transfer of goods or cash, as it often does. Amazon has also blocked all shipments of non-essential products to its warehouses, so cybercriminals can no longer make use of Amazon’s delivery network to ship their goods.” Poor bad guys.
While monitoring conversations on cybercriminal forums, researchers at Digital Shadows uncovered a “user who maintains a long-standing thread offering fraudulent tickets for same-day events posted an update stating that ‘everything is closed for 2 weeks’ as a result of the cancellation of events across the globe.” Another user stated “that their usual drop worker can’t work because banks in their unspecified location are closed. This likely refers to the individuals employed to visit banks to withdraw money from fraudulently acquired accounts, allowing cybercriminals to cash out their illicitly earned funds.”
While it may be true that some forms of phishing attacks are currently on hiatus, the slack has been more than taken up by the COVID-19 phishing attacks. Eventually, the pandemic-based phishing attacks will go away as the virus itself subsides. All that means is that the old ones will be back in full force.
If there’s one thing we know about hackers is, they may seize a temporary opportunity to exploit victims, but they will never go away. Which means, if you want to stay permanently protected, you either have to stay permanently vigilant OR you have to employ some technology which can be permanently vigilant for you.
Introducing Phishing Protection from DuoCircle, the technology that stays vigilant for you. Phishing Protection from DuoCircle stops phishing emails in their tracks with true, real-time link click protections. That means no matter what calamity the hackers are exploiting, you’re protected.
Phishing Protection works will all major email services, sets up in 10 minutes and only costs pennies per user per month. Get Phishing Protection today. You’ll be protected from COVID-19 phishing emails and whatever comes after that.
General Manager
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
Secure your email infrastructure
Protect, authenticate, and deliver. Contact our team to find the right solution.