To better understand how scammers exploit the epidemiological challenge, Kaspersky experts analysed pandemic-related spam emails and phishing pages designed to steal users’ credentials.
Various fake payment offers and discounted COVID-19 tests are among the most common schemes used by cybercriminals. Recently, phishing ads for fake QR codes and vaccination certificates for restaurants and public events have become popular.
An example of a phishing website offering breathing masks
Pandemic-related scamming activity peaked in March 2021. Kaspersky researchers observed a slight decline in June, before cybercriminals intensified their efforts. During this month, Kaspersky products detected and blocked 14% more pandemic-related phishing websites than they did in May.
“In most pandemic-related fraud, cybercriminals aim to obtain user data. Phishing is often used for this: a user follows a link from an ad or email and gets to a page where they are asked to enter personal information and bank card details. Once they have this information, attackers can use it to steal money from a target’s accounts. If you see a message about the pandemic, we recommend you always double-check the information is from an official source and never give your personal data to suspicious sites,” comments Alexey Marchenko, Head of Content Filtering Methods Research at Kaspersky.
In order to avoid falling victim to a scam, Kaspersky also advises users:
* Anonymous data based on Kaspersky product detections for March 2020 to July 2021.