Report Shows COVID-19 Phishing Scams Becoming More Sophisticated. #Phishing #Covid19 #Scams

Phishing campaigns related to COVID-19 are becoming more targeted and difficult to identify as the pandemic progresses, a new report from privacy advocacy group ProPrivacy suggests.

The project, conducted in partnership with VirusTotal (Alphabet) and WHOIS XML, analyzed more than 600,000 domains to accurately track malicious activity throughout the pandemic. It found that the number of phishing domains being registered peaked in late March, but activity remains high with as many as 1,200 domains still being registered each day. To date, the project has identified more than 125,000 domains labeled as malicious, the vast majority of which are used for phishing activity.

 

The researchers noticed that as the pandemic progresses, phishing campaigns are becoming more targeted and potent, taking advantage of specific fears and concerns held by the public. For example, while there has been a marked decrease in the number of domains related to terms like ‘covid’ and ‘mask’, there has been a sharp increase in domain registrations related to unemployment, welfare benefits, and the US stimulus package.

 

Domain registrars have been proactive and effective in identifying generic domains related to the virus, but ProPrivacy’s research suggests that bad actors are now adopting a more nuanced approach. These focused campaigns are not only more likely to succeed, but they are becoming increasingly difficult for the threat intelligence community to identify using conventional broad stroke methods.

ProPrivacy tracked all domains registrations from January 1st, and each domain was checked against VirusTotal’s aggregated database of more than 60 threat intelligence partners. The team documented every domain labeled malicious and used a range of techniques to identify new themes that emerged throughout the pandemic.

“It would be easy to look at the overall trend and conclude that phishing activity related to the pandemic has simply fizzled out, but that’s not an accurate assessment,”

“These malicious campaigns have moved underground and are now addressing our most intimate concerns. When will my children return to school? Will I lose my job? It is these – truly human – questions that will fuel the ‘second peak’ of malicious activity. This is the next battlefront in the digital pandemic.” said Sean McGrath, lead researcher on the project.

 

According to a WhoisXML API researcher:

“We see a lot of niche registrations in our typosquatting data feed files. Registrants seem to target vulnerable groups. We suspect that these domains could serve as social engineering baits and trigger emotional responses.”

 

The study also found that GoDaddy was the most abused web host, hosting a disproportionately high number of domains used for phishing activity. The Scottsdale-based company is the largest hosting provider in the world, hosting an estimated 15 percent of all websites. However, 37 percent of the 80,470 IP addresses analyzed belonged to GoDaddy, with 3,285 resolving to the same IP address.

The full report and data can be accessed here: https://proprivacy.com/privacy-news/covid-19-malicious-domain-report

ProPrivacy has also created a free-to-use tool for the public to verify COVID-19 related websites. This can be accessed here: https://proprivacy.com/tools/scam-website-checker

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: