APWG Profiles the Mutation of Identity Theft Attacks in the Age of COVID-19

The APWG's new Phishing Activity Trends Report for Q1 2020 reveals several ways in which cybercriminals have taken advantage of the COVID-19 pandemic. These include coronavirus-themed phishing and malware attacks against workers, healthcare facilities, and the recently unemployed.

In April 2020, APWG members reported 1,054 attacks against Zoom, the popular videoconferencing application being used for remote work, distance learning, and telemedicine. This was up from eight reports lodged ithe APWG's eCrime eXchange clearinghouse of cybercrime event data in March, an extraordinary, if unprecented, increase in abuse against a single brand in such a narrow time frame. Some of the attacks were phishing attacks, in which phishers emailed out fake Zoom videoconferencing meeting notifications. Other attacks offered Internet users the opportunity to download the Zoom client, but delivered malware files instead.

APWG member Agari documents how criminals have used COVID-19 as a way to trick companies into transferring money as part of "Business Email Compromise" or BEC attacks. "Our data also indicates that coronavirus-themed phishing attacks started spiking the week of March 8. That was the same time that COVID-19 started to spike as a topic of general public interest according to Google Trends," said Crane Hassold, Senior Director of Threat Research at Agari.

APWG member RiskIQ has tracked how criminals have targeted healthcare facilities with ransomware attacks, especially smaller facilities with less than 500 employees. These healthcare providers are especially vulnerable to extortion because they cannot tolerate any disruption to their operations during the pandemic, and do not have large IT security budgets.

In Brazil, APWG member Axur traced a phishing scam called auxiliocorona.online, which targeted people looking for unemployment benefits.

In other news, the total number of phishing sites detected in the first quarter of 2020 was 165,772, up from the 162,155 observed in the fourth quarter of 2019. The number of brands attacked in the first quarter was also larger than in the previous quarter, peaking at 374 reported in January and ending in March with 344. Also, APWG member RiskIQ investigated how some domain names used for phishing that were reported to large hosting providers can stay unmitigated for months.

The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q1_2020.pdf

About the APWG

Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 1,800 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's <www.apwg.org> and <education.apwg.org> websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative <https://education.apwg.org/safety-messaging-convention/> and founder/curator of the eCrime Researchers Summit, the world's only peer-reviewed conference dedicated specifically to electronic crime studies <www.ecrimeresearch.org>. APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG's corporate sponsors are: AhnLab, Area 1, AT&T (T), Afilias, Amazon Web Services (AMZN), AnchorFree, Avast!, AVG Technologies, Axur, Baidu Antivirus, BANDURA Systems, Bangkok Bank, BBN Technologies, Barracuda Networks, BillMeLater, Bkav, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, CSC Digital Brand Services, Check Point Software Technologies, CipherTrace, Claro, Cloudmark, Cofense, Comcast, CrowdStrike, CSIRTBANELCO, Cyxtera, Cyber Defender, CYREN, Cyveillance, DNS Belgium, DigiCert, Domain Tools, Donuts, Duo Security, Easy Solutions, PayPal, eCert, EC Cert, ESET, EST Soft, Facebook (FB), FeelSafe Digital, FEBRABAN, Fortinet, FraudWatch International, F-Secure, GetResponse, GlobalSign, GoDaddy, Google (GOOGL), Hauri, Hitachi Systems, Ltd., Huawei, Hyas, ICANN, Identity Guard, Illumintel, Infoblox (BLOX), IronPort (Cisco), Ingressum, Intel (INTC), Interac, IT Matrix, iThreat Cyber Group, iZOOlogic, Kaspersky Lab, KnowBe4, LaCaixa, Lenos Software, LINE, LookingGlass, MX Tools, MailChannels, MailJet, MailChimp, MailShell, MailUp, Microsoft (MSFT), MicroWorld, Mimecast, Mirapoint, NHN, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar (NSR), Nominet, Nominum, NZRS Limited, OpSec Security, PARENTHETIC, Public Interest Registry, Phishlabs, PhishMe, Planty.net, Prevalent, Prevx, Proofpoint, PSafe, RSA Security (EMC), Rakuten, RedMarlin, Return Path, RiskIQ, RuleSpace, SalesForce, SecureBrain, SegaSec, SendGrid, S21sec, SIDN, SilverPop, SiteLock, SnoopWall, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec (SYMC), TDS Telecom, Telefonica (TEF), ThreatSTOP, TransCreditBank, Trend Micro (TMIC), Trustwave, UITSEC, Vasco (VDSI), VADE-RETRO, VeriSign (VRSN), VILSOL, Webroot, Wombat Security Technologies, ZIX, and zvelo.