
4 Phishing Scams Coming to a Mailbox Near You

February 10, 2022

Pandemic Phishing Scams Are Still Going Strong

Phishing exploded at the start of the COVID-19 pandemic. In Q2 2020 alone, phishing attacks increased by an estimated 600% as cybercriminals took advantage of a perfect storm of fear, uncertainty and opportunity to launch phishing scams that capitalized on the pandemic’s shifting circumstances. While the phishing landscape isn’t nearly as volatile as it was back then, one thing does remain the same – cybercriminals are still leveraging the pandemic to power their phishing schemes.  

Profiting From Omicron

Cybercriminals love a good news story to harness in their social engineering attacks, and COVID-19 has been very good to them. The Omicron variant is just their latest hook. Phishing attacks built around it are the main reason IT professionals saw COVID-19-themed phishing increase by more than 500% between October 2021 and January 2022. These 4 phishing schemes have been prominent in today’s wave of trouble.

Fake COVID-19 Exposure Warnings 

In this phishing variation, bad actors send their intended victims phishing emails with a subject line that reads “COVID-19 testing result” or something similar. The bogus message then informs the recipient that they have been exposed to a coworker who recently tested positive for the Omicron COVID-19 variant. The unfortunate recipient is instructed to open an Excel document to learn more about their exposure and what to do next. Of course, the email includes both the password-protected Excel document as an attachment and the password needed to open it.

When the recipient of the phishing message opens the Excel document and enters the password, they’re shown a blurred document that looks like it contains data about COVID-19 procedures. The victim is then prompted to “Enable Content” or “Enable Macros” to view the full document. But after the victim agrees to the prompt, they get malware instead of the promised information. In an especially ghoulish twist, some threat actors taunt their victims by displaying an alert containing the phone number for a “COVID-19 Funeral Assistance Helpline”.  

Fraudulent Employee Termination Notices  

In this nasty phishing campaign, threat actors prey on people’s fear of job loss in a time of economic uncertainty, using fake employee termination emails to scare recipients into taking actions that let the bad guys deploy malware like Dridex. Targets receive emails with subject lines like “Employee Termination” or something equally grim. In a recent phishing campaign of this ilk described by Bleeping Computer, the unfortunate recipient was informed that their employment was being terminated on December 24th, 2021, and that “this decision is not reversible.”

The phishing messages also include an attached Excel spreadsheet with a name like “TermLetter.xls”. As in the previous case, the password required to open the spreadsheet is also provided. When the recipient opens the Excel spreadsheet and enters the password, a blurred form with the title “Personnel Action Form” or something similar is displayed, along with a prompt to “Enable Content” – which actually enables malicious macros to be executed that create and launch malware through a malicious HTA file saved to the C:\ProgramData folder. 
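Both of the Excel-attachment schemes above end the same way: a macro behind the “Enable Content” prompt drops an HTA file under C:\ProgramData and launches it. As an added defender-side illustration (not code from the original article), the Python below scores process-creation telemetry for that chain: an Office application spawning mshta.exe, or a shell whose command line points at an .hta file in C:\ProgramData. The event field names and the sample records are constructed assumptions, not real telemetry.

```python
"""Flag the Excel-macro -> HTA-in-ProgramData launch chain in process telemetry."""
import re

# Constructed sample events (Sysmon/EDR-style process creation records), not real data.
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\ProgramData\update.hta"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe https://example.invalid/page.hta"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\Users\jdoe\Desktop\dashboard.hta"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c start C:\ProgramData\TermLetter.hta"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c dir"},
]

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# An .hta path anywhere under C:\ProgramData, case-insensitive.
HTA_IN_PROGRAMDATA = re.compile(r"c:\\programdata\\[^\s\"']*\.hta\b", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return a severity label for one process-creation event, or None."""
    office_parent = basename(event["parent"]) in OFFICE_PARENTS
    child = basename(event["image"])
    hta_payload = HTA_IN_PROGRAMDATA.search(event["cmdline"]) is not None
    if office_parent and hta_payload:
        return "high"    # Office macro launching an .hta staged in ProgramData
    if office_parent and child == "mshta.exe":
        return "medium"  # Office spawning mshta is rare in normal use
    if hta_payload:
        return "low"     # staged .hta without an Office parent
    return None


def scan(events):
    """Return (cmdline, severity) pairs for every event that matched."""
    hits = [(e["cmdline"], classify(e)) for e in events]
    return [(cmd, sev) for cmd, sev in hits if sev]
```

Tune OFFICE_PARENTS and the path pattern to your own telemetry; the point is that a parent-child relationship plus a staging path is far harder for the attacker to vary than a file name.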

Testing Kit Scams 

Consumer demand is high for COVID-19 test kits. Even medical offices and clinics are hungry for fresh testing supplies to keep up with patient demand. Many brands and styles of COVID-19 testing kits are on the market that consumers can purchase online or at a retail store. Government agencies including the US Department of Health and Human Services have also launched programs to provide residents with free or reduced-price COVID-19 test kits. This gives cybercriminals an extra edge in pursuing phishing operations around COVID-19 test kits. Cybercriminals love to exploit government programs or publications for brand impersonation scams with an official-sounding twist.  

In a recent scam, bad actors are launching phishing messages that promote spurious COVID-19 rapid test kits with competitive prices and fast delivery dates to potential targets in the US. Cybercriminals aren’t shy about layering on details that make their messages seem authentic like claiming that their testing kits are CE certified (i.e. they meet EU safety requirements) and are already in use in the European market. Of course, the only thing that the victims will get from this transaction is their account credentials stolen. Other variations that could be especially dangerous for businesses in the healthcare sector hawk all sorts of pandemic-related medical supplies like thermometers, pulse oximeters, freezers for vaccine storage and syringes for vaccine injection. 

Vaccination Status Traps

In another COVID-19 phishing scam, bad actors are once again posing as a company’s HR department with the premise that they’re collecting information about an employee’s vaccination status. This time they’re attaching a COVID-19 vaccination self-compliance report to their malicious message, usually as a PDF. In reality, it’s just bad actors looking to steal account credentials from unsuspecting employees or distribute malware. 

Phishing Is A Perpetually Surging Tide

Phishing scams are flourishing, and many companies are paying the price. An astonishing 80% of IT professionals in a recent survey said that their organizations have faced an increase in the volume of phishing attacks they’re combatting, potentially putting more phishing messages into employee inboxes. One contributor to this problem is a lack of security awareness training, especially for employees who are working remotely. Remote workers are much more likely to be careless with email, and therefore much more likely to be taken in by phishing.

Security awareness training is a powerful tool for teaching employees smart email handling practices and making them more aware of phishing, improving employee phishing awareness by an estimated 40%. But even with such impressive results, companies are still not undertaking enough security awareness training. In a recent survey by GetApp, 55% of companies don’t provide basic email security training and more than 30% don’t provide any security awareness training for employees at all. That’s incredibly dangerous in today’s heightened risk landscape when some of the most dangerous cyberattacks that companies face arrive as the poisonous cargo of a phishing email. 

For information on Optistar’s security awareness training for your employees, email us at ask@optistartech.com or call us at 888-782-7003. We would love to answer any questions you may have or provide Security and Technology guidance for your organization! 


ID Agent
