Phishing | Attacks during Covid-19 outbreak! | What you need to do, phishing, phishing attacks, covid-19, coronavirus cyber scrime, inforsec, infosecurity blog, phishing ultimate guide part 2, urm consulting phishing exercise blog

Phishing – The Ultimate Guide – Part 2

During these challenging times, we are seeing the very best of humanity in offers of
support and help to the wider community and also the very worst – phishing attacks
exploiting the Covid-19 outbreak are on the rise.

In our previous blog we looked at phishing in general. This blog will focus on some of the aspects of phishing that have been seen in the past months, aimed at exploiting human vulnerabilities. It is important we are all aware of the significance of this and are warning and educating our teams to recognise a phishing attack and to not click the link!

Figure 1

Phishing accounts for 32% of data breaches and is responsible in 70% of all data breaches featuring social engineering (Verizon 2019 Data Breach Investigation Report). This is now expected to increase, exploiting a time when we are all more inclined to help and support our colleagues and the wider community.

Hackers are an opportunistic species who continually attempt to exploit their targets’ emotions. The most recent COVID-19 outbreak is no different. From the first identified phishing campaigns in January 2020, we have observed several iterations, ranging from appealing to charity to blatant threats of infection. In the same period, there has been a huge increase in COVID-19 themed domain registrations (Figure 1). It is fair to assume that a significant number of these domains will be used for activities of questionable legitimacy and ethics.

Attack methods


One of the first discovered attacks was a phishing email purportedly originating from the World Health Organisation (WHO) (Figure 2). The attack was delivered to the recipients via an email containing a link redirecting the ‘clicker’ to a WHO themed phishing site used to steal user credentials.

Figure 2

Figure 2

Figure 3

Figure 3


An appalling phishing attempt was recently discovered by Sophos researchers (Figure 3.) containing an extortion letter demanding payment in Bitcoins or threatening to release alleged compromising information and infecting every family member with the COVID-19 virus. Whilst sickening, this is a worrying attack as the attackers are combining phishing with blackmail/extortion. In recent years, there have been many similar examples. The most prominent have involved cases of ‘sextortion’, where a criminal would demand payment to refrain from publishing explicit images or videos of its target.


A different approach to the above example is one where the attacker opts to appeal to human greed, such as a monetary reward or tax refund in exchange for cooperation. Figure 4 is an example of one of the phishing emails that appeal to the basic human instinct of survival. With everyone worried about their livelihoods, an offer of a monetary reward, particularly when it allegedly comes from the government, is always welcome and unlikely to be turned down.

A phishing method with a less engaging appearance is an SMS message. These are limited by the number of characters and, typically, attackers take the usable space to relay a message requesting urgent and immediate compliance. In some ways, this method of attack is more difficult to orchestrate and requires more resources.

Figure 5 is an example of a typical phishing SMS. In comparison to other methods mentioned in this blog, there is a lower chance of success for an SMS attack than for an email, yet they are still responded to.

Figure 5

It is also important to note that phishing attacks via telephone are not uncommon and again are being optimised during this difficult time.

Defence mechanisms


Hopefully, your email provider/technical measures have already filtered spam at the entry point, before reaching your users’ inboxes. However, in many cases, suspicious emails may still get through. When providing phishing training, ask your users to consider the following key questions:

1. Why did I receive this?
2. Am I expecting it?
3. What if I don’t comply?
4. Is there anyone that can help?

As a gesture of support and goodwill to all those battling to keep us safe, URM will donate 25% of any end-user awareness training or simulated phishing attacks commissioned during these challenging times, to support those on the front line.