Criminality continues to weigh down the email channel, even
as brands seek to build customer engagement and trust, judging by a new report from Barracuda.
The company lists five primary types of malicious activity that have exploited COVID-19:
- Malware — Emotet, a popular banking Trojan, was the first malware to leverage the pandemic. LokBot has been connected to two pandemic-related phishing campaigns.
- Scamming — Digital con artists have offered coronavirus cures and face mask and asked for donations to fake charities, or investments in bogus companies purportedly developing
vaccines. These are the types of scams that have been offered since the early days of direct mail.
- Brand Impersonation — Many of these phishing emails use domain
spoofing tactics, pretending to be from the World Health Organization, and people open them.
- Blackmail — In some cases, victims have been threatened with infection
unless they pay a ransom. And the attacks sound credible because they seem to know details like where the person lives. But the threats are fake.
- Business Email Compromise (BEC) — These emails pretend to be from a person of authority within a company. The gambit is to get a payment or information. While these attacks make up
only 1% of spear-phishing attacks, they are growing.
Barracuda urges companies to use anti-phishing software, educate remote workers, and leverage
advanced incident-response tools.