Phishing on the rise during the global pandemic: the coronavirus, the pretext
As outlined in a study provided by INTERPOL, "Threat actors have revised their usual online scams and phishing schemes. By deploying COVID-19 themed phishing emails, often impersonating government and health authorities, cybercriminals entice victims into providing their personal data and downloading malicious content (...). Trend Micro, one of INTERPOL's private partners, has detected 907,000 COVID-19-related messages since January 2020. Cybercriminals have taken advantage of the economic downturn and the anxiety people are experiencing to refine their social engineering tactics, using COVID-19 as the focus of their attacks.
Cybercriminals are increasingly using disruptive malware against critical infrastructure and healthcare institutions, such as the Ministry of Health, to offer users information of interest about the pandemic via email, instant messaging, WhatsApp, etc. This phenomenon, known as phishing, consists of impersonating official bodies with the aim of maliciously deceiving the user, sending false links in communications to web pages that pretend to be official, in order to obtain personal data. The data usually collected could range from information such as home address or mobile phone number to more sensitive data such as bank account numbers or bank account PIN numbers.
Although there are currently no official studies on this area, private companies specialising in cybersecurity have noted a significant increase in this type of scam. Reports of victims receiving this type of communication, usually via email or text message, have increased dramatically as a result of the pandemic.
One possible explanation for this phenomenon is the emergence of a new opportunity for cybercriminals. In the wake of the global pandemic, there is considerable public interest in current events and developments, interest in new measures implemented by institutions or governments, and also a desire to obtain more information in order to be able to fill the information gap. This interest on the part of the victims is the perfect breeding ground for the opportunity to be seized, with the victim citizen more frequently accessing these malicious links in search of the desired information that the cybercriminals falsely claim to provide.
As a result of the technological change that has led to the global pandemic, producing an increase in the use of technology on a daily basis, it is the perfect channel for these malicious communications and the victim is prone to access this type of digital scams, with cybercriminals therefore having greater success when it comes to stealing information. But what happens afterwards with the information obtained by the criminals? It is known that this information is sold to other interested companies or platforms, which generates great economic profit for those who manage to create large databases with the phishing campaigns carried out. This generates a black market in user information based on the buying and selling of this information, which is highly profitable, as the cost of obtaining it is practically zero, since it does not require a large technical infrastructure.
In addition, other types of data, usually preferably banking data, are used to carry out illegal transactions without the user's knowledge and move sums of money between different accounts until they reach a final account, which makes it difficult to investigate the flow of the financial amounts transferred. This is a major problem for victims of bank phishing, as they could see their personal account affected, having made transfers of large sums of money without their knowledge or consent, which could seriously affect their purchasing power and generate great economic damage.
Other mechanisms such as subscriptions to "premium messaging" platforms have also been observed. Once the data concerning the person's telephone number is sold to such platforms of dubious legality, they enrol them in a programme that consists of sending text messages with links to online games, betting shops or other types of hooks, charging a high amount of money for the receipt of these messages. These text messages are usually sent continuously, and can be sent several times a day, with the result that the user's telephone bill is increased by the cost of this type of service, with the premium messaging platform profiting without the user actually having signed up consciously and intentionally. In addition, these types of companies place certain barriers and difficulties in the way of the user being able to unsubscribe from the service, extending the subscription time and therefore increasing the economic profit.
This is therefore a notably harmful phenomenon for citizens, since not everyone has the same perception of risk, and those with less training or knowledge regarding new technologies may fall into the clutches of one of the phenomena that has undoubtedly advanced the most during the pandemic: phishing or identity theft. The outlook for the future is similar, since, if we look at the trend, it continues to grow, so the most likely scenario is that cybercriminals will perfect (even more if possible) their techniques and continue to take advantage of the opportunity that arises in each new social scenario that we have to face in the coming years - or even months.
Ainoa Guillén González/Coordinator of the Cybersecurity Area of Sec2Crime.
