Cybercriminals are notorious opportunists. Much of their trade relies on creating timely “lures” or “bait” to entice their victims to click on fake websites or download files that contain malware. For years, they’ve leveraged crises for financial gain, taking advantage of disasters such as hurricanes and earthquakes. For these hackers, the COVID-19 pandemic has delivered potent new material, as coronavirus-related attacks are intensifying.
Proofpoint, a California-based cybersecurity firm, told WPR in an email that it tracked 75 million coronavirus-themed malicious messages during one week in April. Amid global panic and frustration, people are more likely to click without thinking about the risks, especially when emails promise urgent new information about travel restrictions or virus cures.
These phishing messages often appear as if they’re sent from government health departments or the World Health Organization. But staff at these agencies can become targets as well, according to Liviu Arsene, a researcher at the cybersecurity firm Bitdefender, which is based in Romania. Phishing emails are often designed to be irresistible to health workers, containing phrases like “exclusive information about coronavirus” or “new treatments that you need to apply to save your patients,” he said in an interview.