Menlo Security thwarts Covid-19–Related phishing attacks

Threat actors can be ruthless. They use social engineering to comb through people’s personal and professional lives to uncover details that they can use in spearphishing campaigns to manipulate users into unwittingly downloading malware or giving up their credentials

This tactic often takes the form of finding out an application or vendor the person uses and spinning up a legitimate-looking email from a trusted brand with a believable call to action, such as approving a transaction or logging in to a Software as a Service (SaaS) platform. The most evil spearphishing campaigns take advantage of current events such as natural disasters and tragedies to prey on people’s emotions, vulnerabilities, or good will.

Covid-19 has provided a particularly large opportunity for attackers to use this heinous deception. Malicious actors around the world are taking advantage of the global pandemic and its fallout to trick users. It’s sick and disturbing and desecrates the memory of the more than 400,000 people globally who have died of the disease to date.

But, unfortunately, it’s effective.

According to industry data, phishing attacks have a 30 percent or higher success rate—the most successful of any threat category. This is scary when you consider that all it takes is a single click by one user to put an entire organization at risk. 

Menlo Security Research is constantly analyzing threat data across our customer base to uncover trends that could help us protect our users. Sure enough, we saw a spike in Covid-19–related phishing attacks in the first three months of 2020. In fact, 50 percent of all phishing attacks impersonating financial services companies leveraged a Covid-19 topic.

Many companies sent communications to customers warning of the attacks, citing attempts they had uncovered that offered medical products, guidance, or a safe haven for money, but their warnings weren’t enough. Our data reveals that a single Covid-19–related attack targeting HSBC customers in Hong Kong, Singapore, and Australia had had a 3 percent success rate—lower than the industry average, yet still successful. Menlo Security customers were not impacted—even the users who clicked on the malicious link. Instead, the content was isolated in a remote web browser in the cloud while web forms were rendered in read-only mode. This prevented the malware from downloading on users’ devices and stopped users from divulging their login credentials.

Not everyone was so lucky. It’s likely that more than a few HSBC customers who aren’t protected by Menlo Security were duped and had their devices compromised. From there, who knows what systems the attackers were able to infiltrate.

Of course, HSBC customers aren’t the only ones being targeted. Other Covid-19–related attacks that Menlo Security stopped included impersonated official communications from Wells Fargo, Capital One, and FirstBank in the U.S. In the FirstBank example, users were directed to a legitimate-looking website where they were prompted to input their credentials in a fake web form. As you can see in the screenshot below, the attacker attempted to steal customers’ usernames, passwords, account PINs, email addresses, and email passwords. Armed with this information, threat actors would be able to wipe out a customer’s account balance in a matter of minutes.

Phishing page impersonating FirstBank asking for account PIN, email address, and email password

It’s not surprising that malicious actors would use a global pandemic to take advantage of people. They are, after all, malicious. It’s up to organizations to protect users from spearphishing and other cybersecurity threats that use email as an attack vector.

Learn how Menlo Security helps Fortune 500 companies keep users safe from phishing attacks.