HomeWinBuzzer NewsCOVID-19 Recycled Phishing Campaigns Start Targeting Unwitting Users

COVID-19 Recycled Phishing Campaigns Start Targeting Unwitting Users

Researchers have found attackers are using the COVID-19 pandemic to execute Phishing campaigns based on old phishing kits.


The cyber sharks are circling during the pandemic with bad actors using to take advantage of people interesting in coronavirus. Even cybercriminals are restricting resources during the global lockdown and are relying on hold techniques to trick victims.

According to Akamai researcher Or Katz, attacks are using old phishing kits that were previously used but have since been discontinued. In a post on Thursday, Katz says hackers have now brought those old methods out of retirement.

As hundreds of millions of people around the world work from home or are only communicating digitally, there is a wider base of potential victims.

Security researchers have found a surge in phishing activity. Attackers are using emails or SMS messages that look legitimate. Unwitting users are directed to websites that are “seemingly related to COVID-19 news, governmental updates, or health-related products and services.”

Phishing Campaigns

In other words, the attackers are using the fear, uncertainty, and interest around the pandemic to attract victims.

“By pretending to be an insurance company, bank, medical expert or other trusted brand, criminals are convincing victims to trust them,” Katz says. “Once trust is established, the criminal is betting on the victim doing as asked, by opening malicious attachments, following malicious links, and releasing sensitive personal information, in order to enable access to critical applications and services.”

Domain URLs are refreshed, but the underpinning phishing kits are recycled. This surge in old phishing kits is clear.

“The recycling and repurposing of phishing kits themselves are indicative of the turnkey, industrial nature of the phishing industry,” Katz said. He points out that because the kits are old, mitigations may be easier to implement.

However, the easiest way to avoid falling victim to a phishing attack is to never click a link in an email or SMS unless you know who it is from.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News