The threat of Covid-19 phishing attacks

By Hayleigh Bissette, altinet.

With the majority of businesses across the UK now having been working remotely since March, and COVID-19 being a common topic amongst a variety of business service communications, cyber criminals have quickly adapted their campaign tactics to take advantage of this developing situation and target users who may be more vulnerable to attack than ever before.

According to research conducted by Barracuda Networks, COVID-19 related spear phishing attacks increased by an alarming 667% between the end of February and March 23rd – a number that has likely surged even higher since this time.

Overall the tactics observed in this campaigns align with those of typical spear phishing attacks, with the key differences being the organisations that they choose to impersonate, as well as the content of their messages specifically playing off users’ new fears surrounding COVID-19, as opposed to the usual scams playing of concerns over compromised accounts or promising some kind of false reward.

Through their observations, Barracuda researchers highlighted three key phishing tactics that were most commonly used alongside this coronavirus messaging: scamming, brand impersonation, and blackmail.


Traditional scamming campaigns differ from other phishing attacks by entirely falsifying information, rather than trying to replicate or impersonate existing brands or individuals, making it almost impossible for users to check the reliability of their claims.

In relation to COVID-19 specifically, many scammers are claiming to be selling supposed cures for the virus or protective equipment like face masks, while others are reportedly requesting direct payments from their targets under the guise of charitable donations or investments into companies allegedly developing vaccines.

Brand Impersonation:

Brand impersonation attacks rely on tricking targets into believing they are communicating with a trusted source, such as a service provider or government body, by adopting identical or similar imagery, email domains, website URLs and more.

During this lockdown period users are more susceptible to brand impersonation attacks than ever before due to the sudden surge in genuine organisations sending out online communications on the topic of COVID-19. However, most of this legitimate messaging simply offers users updates on the company in question’s business continuity or guidance relevant to current health concerns, rather than asking recipients to take any kind of action such as downloading attachments.

Examples of some of the brands who are being impersonated in significant numbers during this time include popular home services like Netflix, with criminals baiting targets with ‘isolation period’ free trials, as well as government organisations like HM Revenue and Customs and the World Health Organisation.


Attackers have been known to blackmail targets into making bitcoin payments through a variety of techniques, but most commonly rely on threats of stealing accounts with leaked credentials, infecting devices with malware, or releasing compromising images of the target supposedly obtained by hacking into their webcam – however, these criminals have stooped to a new low in reaction to COVID-19.

Barracuda researchers detail one specific example of an attacker claiming to have access to personal information of the target, including their whereabouts, and threatened to infect them and their family with coronavirus if a random was not paid in time. This particular attack was detected by Barracuda over 1,000 times in the span of two days.