publishing date icon
April 2, 2020
read time icon
5 min. read

Five COVID-19 Threats & How to Prepare For Them

Author image
Helinä Turunen
Head of Content
facebook iconLinkedin iconTwitter icon
Post hero image

No rest for the wicked – at least not for attackers. The recent outbreak of the global pandemic, COVID-19, once again made attackers act fast. Social engineers have been utilizing uncertainty and fear in phishing campaigns to spread malicious software and steal data.

According to Infosecurity Magazine, phishing emails went up by 667% since the end of February. Most common phishing attacks have been scams, such as brand impersonation, blackmail, and business email compromise (BEC).In this article, we wanted to share some of the attacks that our social engineering, content, and threat analyst teams have discovered. We will show you the messages and what’s ‘special’ about them.We understand that not all companies have a phishing training provider that is developing COVID-19 simulations for them. As an extra, we decided to give you a few examples and best practices on how to create your own COVID-19 related phishing simulation campaign. We truly hope that some of you find it useful.

Five COVID-19 Threats the Hoxhunt Team Has Discovered

Threat #1 – Missed voicemail with an important COVID-19 update

What is this?

The example below is mimicking a plain voicemail message. The subject line is ‘Important COVID-19 Update.’

Missed voicemail with an important COVID-19 update

What should you look out for in this email?
  • There is a link to download a malicious file.
  • A reference to an official messaging system provider creates a false sense of validity.
  • This message would make people curious naturally, and they could click the malicious download link in the hope of listening to something important.

Threat #2 – Organization specific HR file share with COVID-19 information

What is this?

Due to the current situation, most organizations have been communicating with their employees about the crisis. Social engineers are utilizing this fact. They try to get unsuspecting employees to click on a link that would lead them to a login page where they would type their login details.

HR file share with COVID-19 information

What should you look out for in this email?
  • This is a shotgun-style phishing message sent out to a large number of organizations.
  • The text in the message body and the fake filename are customized with the recipient organization’s name.
  • The document link leads to a fake Office 365 login page.

Threat #3 - Money scam with a COVID-19 context

What is this?

The message below is a general 419 money phishing scam. If you are unfamiliar with the type of this threat, the FBI explains ‘419’ Fraud here.

Money scam with a COVID-19 context

What should you look out for in this email?
  • The message uses the WHO and COVID-19 to create a sense of alarm and urgency.
  • It tries to capture information akin to other similar scams, but with a current event at the center of the message.

Threat #4 – COVID-19 prevention and safety awareness phishing

What is this?

This phishing email falsely uses the WHO as the authority and official regulatory information standpoint as a basis to spread a false message.

COVID-19 prevention and safety awareness phishing
What should you look out for in this email?
  • The message also refers to financial troubles (“fiscal stimulus”), sparking a sense of hope in some recipients who may be struggling financially.
  • The link (‘view here’) takes the unsuspecting recipient to a login page that harvests user credentials.

Threat #5 – New cases reported by WHO in your location

What is this?

This message utilizes the natural curiosity of people by exploiting the rapidly growing number of new COVID-19 cases.

New cases reported by WHO in your location
What should you look out for in this email
  • The message mentions the WHO to create a false sense of security.
  • Another clue is the sense of urgency evoked by reports of new cases near you.

The message asks the recipient to read more. When the recipient clicks the link, he or she will be led to a download page or a fake login page.

Do you do in-house phishing training and manual threats? These top tips show you how to develop your own templates.

If you have been responsible for developing phishing simulations for your organization and you are looking to create templates regarding COVID-19, we want to help you.We understand that it can be an overwhelming task to quickly react and create simulations that are relevant and believable. This is why we wanted to give you some tips on how to do that.Our customers have been already using COVID-19 simulations thanks to our fully automated solution that uses AI and ML to ensure that employees get the latest threats and they can learn from those.Now, you get some great insider tips on creating an internal phishing simulation campaign regarding COVID-19.

covid19 phishing attacks

1. Align your training message with your internal communication

In these exceptional times, communicating within your organization is more important than ever before. Your friends and colleagues are both stressed and concerned, especially when the situation is constantly changing. You may have a crisis team or your regular internal communication team working full days every day to ensure that you communicate the correct information regarding policies and guidelines with all the relevant stakeholders.

This is why it’s extremely important to align your internal guidelines with your phishing training around COVID-19-based attacks. Include details about relevant information sources in your training, align your training with internal communication and your support teams to ensure all possible questions regarding COVID-19 policies and phishing campaigns are answered in the same way.

In addition to this, it’s extremely important that your users are aware of the upcoming phishing training campaigns around COVID-19 in your organization and that you explain to them why you conduct these campaigns. As cybersecurity professionals, we want to keep everyone safe and make people feel safe, which is why communication is extremely important in a time of uncertainty.

Remember: Communicate, communicate, and communicate!

2. Draft out your learning goals

What are the things you want your recipients to learn? This question should be driving you when you are developing your COVID-19 phishing campaign.Draft your template(s) and the learning material(s) around these goals. If you can, use a real-world phishing example as a base (see our examples above), and work out your learning goals from there.

Adapt your goals to your audience! Don’t make them too difficult for beginners, and don’t make them too easy for seasoned professionals.Think about these examples:

  • Do you want to teach users about the latest COVID-19 phishing attacks?
  • Do you want to tell them that attackers will use any means possible to deliver their attacks, or do you want to share information regarding specific techniques (e.g., credential harvesting, malware phishing, file-sharing phishing)?

Don’t put too much information in one template! Often three good learning indicators are plenty enough for one template. More than that, and you risk your users being overwhelmed. Less than that, and the impact may be less due to a lack of context.

Remember: Clarity is key. When you know what your goal is, it’s easier to share it forward.

Are you a customer in need of COVID-19 phishing campaigns?

Hoxhunt is constantly monitoring the latest phishing attacks reported by our customers. Our content team is creating the latest training materials based on real-world examples. Our training includes the most common COVID-19 phishing attacks and customized training material based on real-world attacks. Your users will learn from the latest attacks, strengthening the cyber defense of your organization!

Want to learn more about our latest COVID-19 training content? Reach out to your Hoxhunt Customer Success Manager or turn to our sales team. We are happy to help and share more with you.

Subscribe to our newsletter