COVID-19 has contributed to record breaking cybercriminal activity
There has been an exponential growth in phishing and website scams in Q1 2020, according to a Bolster analysis of over 1 billion websites. 854,441 confirmed phishing and counterfeit pages and 4M suspicious pages were detected.
COVID-19 cybercriminal activity
Of the total number of confirmed phishing and counterfeit pages, 30% were related to COVID-19 – that is over a quarter of a million confirmed malicious websites.
Daily phishing creation soars
Over 3,142 phishing and counterfeit pages went live every day in Jan. with that number increasing to 8,342 in March — due to the COVID-19 pandemic. Over 25,000 pages were created on 3/19 — a record for the quarter.
SaaS, telecoms, and finance suffer the most from phishing
SaaS and telecoms were the industries most impacted by phishing scams, followed by finance, retail, and streaming.
COVID medical scams play on a cure
In the month of March alone, 102,676 websites related to medical scams were found, with 1,092 websites either selling Hydroxychloroquine or spreading misinformation about using it to cure COVID-19.
Stimulus checks and loans brought out the hackers
There were over 145,000 suspicious domain registrations with ‘stimulus check’ in them. The number of scam websites that claim to offer small business loans jumped 130 percent from February to March. Hackers spun up 60,707 banking websites to attempt to siphon off stimulus funds.
Hackers target remote workers and those quarantined
Collaboration and communication phishing sites saw a 50% increase from Jan to March, as a large majority of the workforce began working from home.
Streaming phishing sites saw an 85% increase from Jan to March, with over 209 websites being created per day — attempting to capitalize on those looking for entertainment during lockdowns.
Malicious cryptocurrency
Bolster discovered multiple phishing websites peddling fake COVID-19 cryptocurrencies and crypto wallets that aim to siphon data for future phishing, targeted malware, or credential stealing.
One COVID-19 cryptocurrency bills itself as “The World’s Fastest Spreading Crypto Currency” and attempts to get visitors to download suspicious files off GitHub. Another site prompts visitors to register to find out more information about a COVID coin that “gains value as more people die and get infected”.
“We anticipate phishing site creation will continue to increase, especially as we proceed further into a COVID-minded world. The phishing lures and tactics of cybercriminals will consistently evolve to keep up with the rapidly changing threat landscape, but the underlying credential theft will not,” said Abhishek Dubey, CEO, Bolster.
“Cybersecurity conscious organizations will need to work together and leverage AI, automation and security training to effectively combat phishing and online fraud during this surge and beyond.”