The b direct logo Hive

Phishing in the Time of COVID


With all due respect to Durante di Alighiero degli Alighieri, also known as Dante, there must be a special circle of hell reserved for criminals who take advantage of catastrophic events and their victims. People who committed insurance fraud after Hurricane Katrina, those who prey on armed services widows and widowers, or those who filed bogus claims after 9/11.

Or today's cybercriminals, who are making money by defrauding people in the time of COVID.

With so many people working remotely, our B2B clients are relying on email marketing more than ever before. So too, unfortunately, are scam artists. And, while we've seen increases in open and click-through rates when we allude to the current situation, so are they.

KnowBe4, a leading cybersecurity training company based in Clearwater, Florida, recently published findings from a Q3 2020 study on COVID-related phishing attacks. Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. And, the public's concerns and sensitivity around COVID has led to devious new campaigns.

In KnowBe4's new report, they reveal that coronavirus-related email subjects are the biggest threat. Covering the entire third quarter, messages related to the coronavirus were the most popular, with a total of 50%. Social media messages are another area of concern when it comes to phishing, and LinkedIn phishing messages dominate as the top social media email subject to watch out for, holding the number one spot at 47%.

The company simulates thousands of phishing attempts in order to gauge users' likelihood of opening fraudulent emails. The top 10 subject lines from the study include:

  • Payroll Deduction Form
  • Please review the leave law requirements
  • Password Check Required Immediately
  • Required to read or complete: “COVID-19 Safety Policy”
  • COVID-19 Remote Work Policy Update
  • Vacation Policy Update
  • Scheduled Server Maintenance -- No Internet Access
  • Your team shared "COVID 19 Amendment and Emergency leave pay policy" with you via OneDrive
  • Official Quarantine Notice
  • COVID-19: Return To Work Guidelines and Requirements

Among actual suspicious emails that were reported to IT departments, the most common subject lines were:

  • Microsoft: View your Microsoft 365 Business Basic invoice
  • HR: Pandemic Policy Update
  • IT: Remote Access Infrastructure
  • Facebook: Account Warning
  • Check your passport expiration date
  • TeleMed Appointment Reminder
  • Twitter: Confirm your identity
  • Apple: Take part in our iPhone 12 trial and enter for the chance to win a FREE iPhone12
  • Exchange ActiveSync service disabled for [[email]]
  • HR: Benefit Report

Stu Sjouwerman, KnowBe4's CEO explains, “During this pandemic, we’ve seen malicious hackers preying on users’ biggest weak points by sending messages that instill fear, uncertainty and doubt. Our Q3 report confirms that coronavirus-related subject lines have remained their most promising attack type, as pandemic conditions weaken judgment, and lead to potentially detrimental clicks.”

For the bad guys, we're guessing you'll end up somewhere between Dante's eighth circle (Fraud) and his ninth (Treachery).

For the rest of us, the lesson is this. "We're living in dangerous times — in more ways than one. Think before you click."

Thanksgiving, Better Days Will Come
"But, I Don't Have Time to be Social"

For creative marketing that really works, it’s time for B Direct.

Contact Form Popup

© 2020 B Direct Marketing Communications – All rights reserved.