Digital fraudsters have seized upon coronavirus 2019 (COVID-19) as a lure for their new scams and attack campaigns. Together, these malicious operations constitute nothing short of a deluge. Barracuda revealed that it spotted 9,116 coronavirus-themed spear-phishing emails between March 1 and March 23, 2020—a 667% increase over the 1,188 attacks detected a month earlier. By comparison, the security firm spotted just 137 coronavirus-themed email campaigns in January.

Unfortunately, nefarious individuals show no sign of cooling it with their coronavirus-themed scams. All of us therefore need to stay on top of these ploys, including but not limited to those borne by email. With that in mind, let’s look at some of the latest COVID-19 ruses that made headlines.

Texts Demand You Take a “Mandatory” Online COVID-19 Test

The Better Business Bureau (BBB) received reports of individuals posing as employees of the U.S. Department of Health and Human Services (HHS) or another U.S. government department. Using SMS text messages, these malicious actors instructed recipients to click on a link for the purpose of completing a “mandatory online COVID-19 test.”

There’s just one problem: there’s no way of testing someone for COVID-19 online. With that said, the link used in this scam likely directed recipients to a fake web portal designed to steal their personal, financial and/or medical information. Attackers could have then monetized that data on the dark web or leveraged it to conduct secondary attacks.

You’re Infected…by Malicious Macros

Not dissimilar from the ploy described above, a scam detected by KnowBe4 used attack emails to warn recipients that they had come into contact with a “colleague/friend/family member” who has COVID-19. The email then instructed them to download and print an Excel spreadsheet so that they could bring it with them to the nearest coronavirus testing site.

A screenshot (Read more...)