Cyber Criminals Enhance COVID-19 Phishing Templates for a Boost


Passing through the COVID-19 outbreak, one thing is evident – cyber hackers and scammers have relentlessly ensured to enhance new ways of carrying out phishing operations and constantly refined the malicious targets for better results. This time through enhanced templates.

In an article by HelpNetSecurity, Proofpoint researchers have stated, “Credential phishing attackers often tailor their email lures with themes they believe will be the most effective and use general websites for actual credential harvesting. The recent move to create custom COVID-19 payment phishing templates indicates that buyers view them as effective enough to warrant custom tactics to harvest credentials,”

Leveraging the distribution of information from organizations about the novel coronavirus, cybercriminals have designed and enhanced their phishing templates.

New targeted templates closely resemble the authentic notifications an individual may receive from any organization.

A lot of emphasis is being put on the fear that people have related to COVID-19, perhaps giving cyber criminals a golden opportunity to create campaigns once the existing ones fall off.

SBA loan applicants are heavily targeted during COVID-19 pandemic as businesses struggle to receive optimal funding to continue business operations.

While business owners eagerly wait for their application decisions, cyber attackers are using this anxiety as leverage to conduct phishing operations as people may click and download attachments sent on emails assuming it’s authentic.

It is IMPERATIVE that you analyze the email notifications before clicking on links and attachments on the email. SBA has a pleasant staff of customer service representatives that will verify the email and assist you with your application. Please DO NOT provide any personal or financial information on any links or emails.

IRS emails are also being impersonated informing people about their ineligibility for financial aid as a part of COVID-19 and asking to fill out a form with the victim’s personal and financial information.

We suggest you contact the IRS before taking any actions described in the email.

Other online account credentials that are being targeted are – Outlook, Gmail and Microsoft Office 365 accounts.

These accounts normally contain sensitive personal, confidential and financial information and it’s best not to follow through on any links and pages that might look suspicious.