To better understand how scammers exploit the epidemiological challenge, Kaspersky experts analysed pandemic-related spam emails and phishing pages designed to steal users’ credentials.

Various fake payment offers and discounted COVID-19 tests are among the most common schemes used by cybercriminals. Recently, phishing ads for fake QR codes and vaccination certificates for restaurants and public events have become popular.

An example of a phishing website offering breathing masks

Pandemic-related scamming activity peaked in March 2021. Kaspersky researchers observed a slight decline in June, before cybercriminals intensified their efforts. During this month, Kaspersky products detected and blocked 14% more pandemic-related phishing websites than they did in May.

“In most pandemic-related fraud, cybercriminals aim to obtain user data. Phishing is often used for this: a user follows a link from an ad or email and gets to a page where they are asked to enter personal information and bank card details. Once they have this information, attackers can use it to steal money from a target’s accounts. If you see a message about the pandemic, we recommend you always double-check the information is from an official source and never give your personal data to suspicious sites,” comments Alexey Marchenko, Head of Content Filtering Methods Research at Kaspersky.

In order to avoid falling victim to a scam, Kaspersky also advises users:

  • Be skeptical of any unusually generous offers and promotions
  • Do not follow links from suspicious emails, instant messages or social network communications
  • Always check the authenticity of any unknown website you visit
  • Use a reliable security solution, such as Kaspersky Security Cloud, that identifies malicious attachments and blocks phishing sites

* Anonymous data based on Kaspersky product detections for March 2020 to July 2021.

Kaspersky identifies more than 5,000 pandemic-related phishing websites since the beginning of the pandemic

From March 2020 to July 2021, the global cybersecurity company prevented over a million user attempts to visit these sites*
Kaspersky Logo