Unit 42 (the Palo Alto Networks threat intelligence team) released research on new COVID-19 consumer scam campaigns. The findings shed light on how cybercriminals are preying on victims during the COVID-19 pandemic.
From January 1 to March 31, Unit 42 identified 116,357 coronavirus-related newly registered domain names (roughly 1,300 domains per day). Out of these, 2,022 are malicious and 40,261 are “high-risk”. Of note, Unit 42 found a 656% increase in the average daily number of malicious COVID-19 themed domains from February to March.
Unit 42 also observed several campaigns:
- Phishing attacks: Emails with a link to a fake Bank of America website to fool users into giving away their login credentials. Other attacks included fake Apple, PayPal and Outlook websites.
- Fake webshops: Scam websites that offer high-demand items like face masks or hand sanitizers at a discounted price. These webshops often advertise deals that are too good to be true in the current coronavirus pandemic.
- Credit card skimmers: Scripts that steal credit card information, placed on other malicious stores that sell pandemic-relevant goods.
- Fake ebooks: Domains set up to prey on consumer fear and coerce visitors into buying COVID-19 ebooks by playing a video about the scariest situations and events related to the pandemic.
- Illicit pharmacies: Unlicensed pharmacies leveraging compromised websites that use domain names suggesting they sell remedies for COVID-19 when they actually advertise Viagra and other drugs unrelated t