Coronavirus fears exploited by criminals to launch malicious attacks

Cybercriminals are exploiting coronavirus fears to launch hundreds of attacks on internet users across the globe every minute

  • Cybersecurity firm McAfee found evidence of an average 375 threats a minute 
  • There has been a spike in cyber threats as people move online due to lockdown
  • This includes malicious apps, phishing campaigns, malware and faked websites

As people move to live more or of their life online due to the coronavirus pandemic, cybercriminals have launched hundreds of attacks against them every minute. 

A new report by cybersecurity firm McAfee found that around the world there had been 375 new threats per minute on average during the pandemic and lockdown.

Many of the threats have worked to exploit people’s fears about the virus through malicious apps, phishing campaigns, malware and harmful websites.

The Covid-19 Threat Report said that as the world moved online during lockdown, criminals tried to exploit the public’s desire for information on the virus.

A new report by cybersecurity firm McAfee says it has seen an average of 375 new threats per minute during the pandemic. Stock image

McAffee said hackers and scammers were also targeting those shopping, banking and carrying out other day-to-day activities online.

Consumer watchdogs and online safety groups have also highlighted scams where criminals pose as contact tracers to try and gain personal information from people. 

Both the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) warned of a surge in cybercrime during lockdown.

The NCSC launched a suspicious email reporting service which allowed the public to forward bogus emails to the centre for investigation.

McAfee fellow and chief scientist Raj Samani said: ‘What began as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of malicious URLs and capable threat actors.’

He said they were ‘leveraging the world’s thirst for more information on Covid-19 as an entry mechanism into systems across the globe.’

Jesus Sanchez-Aguilera Garcia, head of EMEA consumer at McAfee, said it was vital that the public ‘stay alert’ while online in the face of the increased threats.

‘The pandemic changed the way we live our lives, both online and offline,’ he said.

‘For many, daily activities such as shopping, banking and socialising have shifted to online and this behavioural shift is likely to continue over the coming months.’

As consumers looked to stay entertained online, the researchers saw the number of bogus websites increase from 1,600 to 39,000 in the first weeks of lockdown.

Hackers and scammers were also targeting those shopping, banking and carrying out other day-to-day activities online. Stock image

‘This tricked consumers into visiting malicious websites that can be used to install malware or steal personal or financial information and passwords,’ said Garcia.

He said this is why it’s so important for consumers to stay alert while online and avoid malicious websites that have the potential to cause harm.

He added that the cybersecurity firm had seen scammers use ‘Covid-19 themed emails to play into the fears of British consumers and prompt them into unsuspectingly downloading malware onto their personal devices’.

McAfee’s report also said it had seen substantial increases in the targeting of public sector bodies, as well as education organisations.

The NCSC has previously confirmed that the NHS has been the target of an increased number of attempted cyberattacks during the pandemic, with the centre supporting the health sector in its defences.

The cybersecurity agency has urged the public to improve their own personal security by using features such as two-factor authentication to secure accounts, as well as use three random words to improve password strength and keeping all software up-to-date.


Phishing involves cyber-criminals attempting to steal personal information such as online passwords, bank details or money from an unsuspecting victim. 

Very often, the criminal will use an email, phone call or even a fake website pretending to be from a reputable company. 

The criminals can use personal details to complete profiles on a victim which can be sold on the dark web. 

Cyber criminals will use emails in an effort to elicit personal information from victims in order to commit fraud or infect the user’s computer for nefarious purposes 

Some phishing attempts involve criminals sending out infected files in emails in order to take control of a victim’s computer.   

Any from of social media or electronic communication can form part of a phishing attempt. 

Action Fraud warn that you should never assume an incoming message is from a genuine company – especially if it asks for a payment or wants you to log on to an online account. 

Banks and other financial institutions will never email looking for passwords or other sensitive information. 

An effected spam filter should protect from most of the malicious messages, although the user should never call the number at the bottom of a suspicious email or follow their link. 

Experts advise that customers should call the organisation directly to see if the attempted communication was genuine.  

According to Action Fraud: ‘Phishing emails encourage you to visit the bogus websites. 

‘They usually come with an important-sounding excuse for you to act on the email, such as telling you your bank details have been compromised, or claim they’re from a business or agency and you’re entitled to a refund, rebate, reward or discount.

‘The email tells you to follow a link to enter crucial information such as login details, personal information, bank account details or anything else that can be used to defraud you.

‘Alternatively, the phishing email may try to encourage you to download an attachment. The email claims it’s something useful, such as a coupon to be used for a discount, a form to fill in to claim a tax rebate, or a piece of software to add security to your phone or computer. 

‘In reality, it’s a virus that infects your phone or computer with malware, which is designed to steal any personal or banking details you’ve saved or hold your device to ransom to get you to pay a fee.’ 

Source: Action Fraud

Source: Read Full Article