New COVID-19 themed consumer scam campaigns discovered
Palo Alto Networks threat intelligence team has released research on new COVID-19 consumer scam campaigns that sheds light on how cybercriminals are preying on victims during the global pandemic
Unit 42 (the Palo Alto Networks threat intelligence team) has released research on new COVID-19 consumer scam campaigns. The findings shed light on how cybercriminals are preying on victims during the COVID-19 pandemic. Researchers found an immense increase in Coronavirus-related Google searches and URLs viewed since the beginning of February. Cybercriminals are looking to profit from such trending topics, disregarding ethical concerns, and in this particular case preying on the misfortunes of billions.
To protect customers of Palo Alto Networks, Unit 42 researchers monitor user interest in trending topics and newly registered domain names related to these topics, as miscreants often leverage them for malicious campaigns. Using Google Trends and our traffic logs, we observed a steep increase in user interest in topics related to Coronavirus, with prominent peaks at the end of January, the end of February, and the middle of March 2020.
Accompanying the growth in user interest, we observed a 656% increase in the average daily Coronavirus-related domain name registrations from February to March. In this timeframe, we witnessed a 569% growth in malicious registrations, including malware and phishing, and a 788% growth in “high-risk” registrations, including scams, unauthorised coin mining, and domains that have evidence of association with malicious URLs within the domain or utilisation of bulletproof hosting.
As of the end of March, we identified 116,357 Coronavirus-related newly registered domain names. Out of these, 2,022 are malicious and 40,261 are “high-risk”.
Unit 42 also observed several campaigns:
- Phishing attacks: Emails with a link to a fake Bank of America website to fool users into giving away their login credentials. Other attacks included fake Apple, PayPal and Outlook websites.
- Fake webshops: Scam websites that offered high-demand items like face masks or hand sanitizers at a discounted price.
- Credit card skimmers: Scripts that steal credit card information, placed on other malicious stores that sell pandemic-relevant goods.
- Fake ebooks: Domains set up to prey on consumers' fear and coerce them into buying COVID-19 ebooks by playing a video about the scariest situations and events related to the pandemic.
- Illicit pharmacies: Unlicensed operations that leverage compromised websites, using domain names suggesting they sell remedies for COVID-19 when they actually advertise Viagra and other drugs unrelated to the virus.