From HR mails to delivery notifications, hackers use new tactics during the pandemic

By Rahul Vaimal, Associate Editor
  • Follow author on
Phishing image
Representational Image

According to the latest findings from Kaspersky, consumers and businesses in the UAE suffered over 600,000 phishing attacks at the height of the COVID-19 stay-at-home period.

Kaspersky is a global anti-virus and cyber security provider.

More than 2.57 million phishing attacks were identified from Egypt, UAE, Saudi Arabia, Qatar, Kuwait, Bahrain and Oman from April to June, the global cyber security firm said.

Phishing statistics image

During the second quarter, Saudi Arabia, the largest Arab economy, saw 973,061 phishing attacks by cyber criminals, the most in the region. The UAE followed with 617,347 attacks, then Egypt (492,532), Oman (193,379), Qatar (128,356), Kuwait (106,245), and Bahrain (67,581) followed.

What is phishing?

Phishing is one of the oldest forms of cyber crime, where users are lured to a website and tricked into entering their personal data. This might include financial credentials, such as bank account passwords and payment card details, or social media account login details. This often results in money being stolen or corporate networks being compromised.

A study from tech security company McAfee in May warned of a worldwide increase in cyber criminal activity since March as they attempted to capitalize on the fear and confusion caused by the COVID-19 crisis.

The significant rise in people working from home during the pandemic gives cyber criminals more opportunities to send out phishing emails, industry experts believe. Before the pandemic, more staff worked from offices, which had advanced security systems in place to protect them against cyber attacks.

In June, another study by the Dubai Future Foundation found a rise of 600 percent in phishing emails reported since February, with healthcare facilities at high risk.

The hacker tactics

Cyber criminals have resorted to a range of new tactics to cheat victims by phishing – from HR dismissal mails to attacks disguised as delivery notifications, Kaspersky said.

“At the peak of the pandemic, organisations responsible for delivering letters and parcels were in a hurry to notify recipients of possible delays. These are the types of emails that fraudsters began to fake, with victims asked to open an attachment to find out the address of a warehouse where they could pick up a shipment that did not reach its destination,” Kaspersky said in the report.

Another new tactic used by cyber criminals during the pandemic was to send out emails about changes to medical leave to unsuspecting users. Usually these emails would contain virus-laden attachments which can be used to download and install encryptors.

Remain safe online

Kaspersky experts advise users to check online addresses in unknown communications at all times, whether it is the web address of the site to which they are sent, the link address in a message and even the sender’s email address to ensure that they are valid.

Users are advised not to enter their credentials if they are unsure whether the website is genuine and safe. The cyber security company advises that in case you enter your login and password details on a fake page, call your bank or payment provider immediately to change your password.