Skip to main content

Spam and phishing emails continue to hit businesses hard

(Image credit: Image Credit: Evannovostro / Shutterstock)

Some organizations suffered during the pandemic and others thrived. Among those that flourished in the disrupted environment were cybercriminals groups.

According to a new report from cybersecurity firm F-Secure, there was a “significant increase” in malicious emails (opens in new tab) that used Covid-19 as a theme during the spring, as the virus spread across the globe.

The emails themes varied greatly, from fake PPE orders to websites promising new information about the disease. The goal was to trick concerned victims into exposing their personal (and often financial) data to the fraudsters.

Three in four of these emails contained malicious attachments called infostealers, which scrape data for use in subsequent attacks or financial fraud.

“Cybercriminals don’t have many operational constraints, so they can quickly respond to breaking events and incorporate them into their campaigns. The earliest days of the Covid-19 outbreak left a lot of people confused or worried, and attackers predictably tried to prey on their anxieties,” said Calvin Gan of F-Secure’s Tactical Defense Unit.

“Spotting malicious emails isn’t typically a priority for busy employees, which is why attackers frequently attempt to trick them into compromising organizations.”

F-Secure claims finance was the most frequently spoofed industry, with Facebook the most frequently imitated company.

Infostealers, meanwhile, were the most common type of malware spread via email, and Lokibot the most common malware family.

Although criminals have used a whole arsenal of different weapons during the pandemic, email remains the most popular, accounting for more than half of all infection attempts.

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.