(Photo by Ishara S. KODIKARA / AFP)

Omicron variant testing-related phishing attacks poses threat to businesses

COVID-19 related phishing attacks have been making headlines around the world as many have found themselves falling victim to such scams. Whenever a new variant is reported, cybercriminals make the most of the opportunity to wreak havoc on victims since most of them will be curious to find the latest information and such.

According to Barracuda Networks, a massive Omicron-led spike in COVID-19 test-related phishing attacks in the past few months have posed a serious threat to businesses not only in the Asia Pacific but around the world.

For example, in Singapore, there was a 163% surge in online scams when the pandemic started in 2020. Cybercriminals are targeting victims who are normally looking for information related to the pandemic. These include information on new variants, travel restrictions ad vaccination information.

As such, in an analysis conducted between October 2021 and January 2022, Barracuda researchers witnessed attacks increasing by 521%, with daily average peaking in early January, coinciding with a worldwide increase in demand for COVID tests as a result of the rapid spread of the Omicron variant.  This surge in ‘COVID test’-related phishing attacks is just the latest strategy that cybercriminals have employed throughout the course of the pandemic.

Back in March 2020, when COVID-19 started to spread rapidly, Barracuda researchers also observed that COVID-related phishing attacks jumped 667%. Similarly, as vaccination programs started to roll out at the start of 2021, so too did a new wave of vaccine-related email threats.

phishing atacks

(source – Barracuda Networks)

This recent analysis shows that cybercriminals are using a variety of tactics to get the attention of their victims by taking advantage of their desperation and anxiety.  They include sending fake notifications of unpaid orders for COVID-19 tests, where the cybercriminal will provide a PayPal account to send payments to complete the purchase of rapid tests, and impersonating lab personnel or testing providers, sharing fake COVID-19 test results.

As some organizations try to get their staff back to the office, they send out updated policies or request information on employees’ vaccination status. Hackers hijack these conversations. In one specific example found in Barracuda’s research, cybercriminals impersonated an HR department and shared a file hosted on a phishing site with employees in hope of stealing their account credentials. The attackers went as far as impersonating the Office 365 logo and stating that the document has already been scanned for virus and spam content.

For Mark Lukie, Systems Engineer Manager, Barracuda, Asia-Pacific, capitalizing on the chaos of the pandemic is not a new trend in the world of cybercrime. However, he believes that with constantly evolving tactics, and new trends to take advantage of, it’s easy to see why cybercriminals continue to exploit the situation.

Lukie also pointed out that just like the threat of COVID-19, pandemic-themed scams are not going to disappear overnight, but fortunately there are several tactics that businesses and consumers can employ to ensure they remain protected.

“For a start, businesses can leverage sophisticated email security which utilizes artificial intelligence to detect and block email attack tactics that are designed to bypass basic gateways and spam filters. Providing employees with up-to-date user awareness training about COVID-related phishing, seasonal scams, and other potential threats is a vital cybercrime prevention method, as is establishing and reviewing existing fraud detection policies, to ensure that personal and financial information is handled properly,” added Lukie.