Cybercriminals continue to use COVID-19 as bait in attacks on businesses via email

Cybersecurity solutions provider Kaspersky discovered how cybercriminals continue to exploit the panic amid the pandemic by actively using the topic of spreading malware such as backdoors and spyware in the past few weeks. Email is the most effective method for phishing because companies usually send confirmation and notifications through email messages.

Last autumn Kaspersky experts shared research about the RevengeHotels campaign, during which cybercriminals sent out targeted booking emails posing as legitimate organizations and even real people, and then went on to infect hotel computers stealing clients’ credit card data in the process.

COVID-19 pandemic has practically put the brakes in society with businesses modifying work setup to adjust to the times. People are especially reliant on various communications methods including email. Cybercriminals are exploiting it even more than before with fake emails pertaining to supply deliveries.

Have you read “Kaspersky offers free security solutions for six months to healthcare institutions“?

In the most recent cases, cybercriminals have referred to delivery issues caused by the pandemic: from their supplier in China not being able to produce the products on time, to checking if the victim would be able to fulfill the order that they have agreed to. In some cases, cybercriminals discuss urgent orders and this puts pressure on victims.


The main purpose of these emails is to make the victim open a malicious attachment, ultimately infecting the device and giving cybercriminals remote control or access to the organization’s system. In order to trigger them to do so, cybercriminals ask victims to check delivery information, payment or order details that seemingly are in the attachment.

“Such phishing schemes are not as widespread as the regular ones we usually see, but they are often focused on a specific group of organizations and are quite regularly targeted. The best medicine from such a threat is a good security solution that can detect various threats in attachments and has a database of cataloging these types of scams. The other piece of advice is remaining calm and attentive to details, and this is something we need to continue doing regardless of any external circumstances,” comments Tatyana Shcherbakova, Kaspersky’s senior web content analyst.

Learn more about different examples of phishing scams targeting organizations on the Kaspersky Daily Blog.

To minimize the risk of business falling victim to spam and phishing, here are some tips on how to recognize it:

  • Carefully look at the files extensions. If it is an executable file, it is most likely not safe to open.
  • Check whether the company that sent you an email actually exists and looks it up in a web search or on social media. If you cannot find any evidence of its existence, reconsider whether you should be working with such firm.
  • Check whether the information in the automatic signature and in the ‘Sent’ field is the same. If it is different, it is likely that the email was sent by a spammer.
  • Remember that cybercriminals can create fake documents by using information about the company they are pretending to be. Even if the information in the official email is the same as on the official resources of the organization, but you still doubt its safety, reach out to the company in order to get a confirmation of this email having been sent.

Kaspersky also recommends organizations follow these cybersecurity practices:

  • Implement cybersecurity awareness training for your employees to teach them how to recognize phishing emails, so they do not open attachments or click on links from unknown or suspicious addresses. To reinforce skills, regularly conduct simulated phishing attacks.
  • Use a dedicated cybersecurity solution, such as Kaspersky Total Security for Business which includes mail threat protection along with web threat protection, behavior detection and exploit prevention capabilities.
  • Make sure that the security solution, as well as any other software used in a company, is regularly updated.

Categories: Uncategorized

Tagged as: , , ,