Popular Techniques Used by Cybercriminals Amid COVID-19

(Editor’s Note: Gary Stevens, a technology writer, is posting as a guest author to carbonblack.com).

Cybercriminals constantly leverage fear and confusion by launching cyberattacks during major world events. Such attacks are mostly carried out through social engineering campaigns: malicious emails lure victims into installing malware that steals financial data and other valuable personal information or, oftentimes, turns the user’s device into a crypto-mining robot.

In light of the COVID-19 crisis, we looked into the VMware Carbon Black Cloud attack data to evaluate how the move to remote work affected the way cyber attackers stepped up their campaigns, when certain campaigns were initiated, and which industries are by far the most commonly targeted.

What distinguished this crisis from previous crises is its immediate and rapid effect on the cybercrime economy, with criminals leaving no stone unturned in their attempt to unleash Coronavirus ransomware. The following are the many scams found along with best practices in protection as we see an increasing surge in attempted fraud.

Account Takeover (ATO)

Account takeover is a commonly reported scheme where fraudsters use stolen data credentials to gain access to customer accounts. Setting a secure and strong password is the first step when it comes to protection against cybercrime. But, knowing that children around the world are out of school during this time, fraudsters reach out directly to children, hoping to access their gaming and other online accounts. 

One approach involves obtaining a player’s login information and password in order to “edit” their account. Instead, the new “online friend” takes over the account, immediately changes the password and steals hundreds of dollars in charges made to the registered credit card.


There’s no scarcity of phishing scams exploiting COVID-19 fears, but among the most blatant examples we’ve found are phishing emails claiming to come from the World Health Organization (WHO). Preying on fear is a common phishing technique. Preying on someone’s fear of getting their identity stolen or their credit ruined is one thing; it is quite another to prey on their fear of a new, often deadly disease.

In one example, the fraudster poses as a doctor promising to share details on security measures to protect against the global pandemic. If an unwitting target clicks on the link in the email, malware gets installed and instantly starts to collect private information from the receiver’s computer. The goal is either to gain remote access to their network or to steal the user’s contact list, so that the scammer can send the same email to the receiver’s connections and friends.


During the COVID-19 pandemic, the financial sector has been increasingly targeted. Between February and May, the VMware Carbon Black Cloud attack data showed a 238% rise in cyberattacks against financial institutions, raising questions as to the effectiveness of current preventative measures against becoming ransomware victims. It is interesting to see how the majority of attacks have shifted to larger financial organizations, indicating that as retail organizations moved to remote business models, attacks against them may have actually dropped as attackers switched their methods.

One unusual attack came from a scammer who sent an email to bank customers urging them to contact the bank to fix a missed payment. Instead of a malicious link, the email included a VoIP number to call (the “v” in “vishing”). In the guise of aid, this scammer dangled a powerful incentive in front of users who may have lost their income or suffered financially from the ongoing pandemic.

Although vishing attacks typically involve an unsolicited VoIP call from someone claiming to represent a bank or other entity, this newer form of attack, called reverse vishing, uses emails, web advertisements or social media posts to convince potential victims to call a fraudster-controlled phone number.
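A minimal triage heuristic for the reverse-vishing emails described above, added here as an example and not taken from the original post or from VMware Carbon Black. The allowlist of published numbers, the keyword patterns, the US-style number format and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy

# Assumption: numbers the bank really publishes, normalised to 11 digits (constructed).
KNOWN_NUMBERS = {"18005550100"}
# US-style numbers only (assumption); other formats need their own pattern.
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URL_RE = re.compile(r"https?://|www\.", re.I)
CALL_RE = re.compile(r"\b(?:call|dial|phone)\b", re.I)
LURE_RE = re.compile(r"missed payment|past due|overdue|late fee|relief|refund", re.I)

def normalize(number):
    digits = re.sub(r"\D", "", number)
    return digits if len(digits) == 11 else "1" + digits

def body_text(raw):
    msg = message_from_string(raw, policy=policy.default)
    return "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_type() == "text/plain")

def assess(raw):
    text = body_text(raw)
    unlisted = sorted({normalize(n) for n in PHONE_RE.findall(text)} - KNOWN_NUMBERS)
    signals = {
        "unlisted_callback_number": bool(unlisted),
        "asks_to_call": bool(CALL_RE.search(text)),
        "financial_lure": bool(LURE_RE.search(text)),
        # Informational: with no URL, link-reputation filters have nothing to scan.
        "no_links": not URL_RE.search(text),
    }
    suspicious = all(signals[k] for k in
                     ("unlisted_callback_number", "asks_to_call", "financial_lure"))
    return {"suspicious": suspicious, "numbers": unlisted, "signals": signals}

# Constructed sample messages (not real traffic).
SAMPLE_LURE = """\
From: "Example Bank" <billing@example.com>
Subject: Action required: missed payment

Our records show a missed payment on your loan.
Please call our relief desk at (212) 555-0199 today to avoid late fees.
"""
SAMPLE_LEGIT = """\
From: "Example Bank" <service@example.com>
Subject: Your statement is ready

Questions? Call 1-800-555-0100 or visit https://www.example.com/help
"""
```

The heuristic keys on the callback number rather than on links, since a reverse-vishing email may contain no URL for a mail filter to inspect.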


A smishing attack is a phishing attack that makes use of SMS texts instead of email messages. Fraudsters now add a coronavirus twist to this tried-and-true scam. Someone pretending to be from HMRC, the U.K. tax agency (comparable to the U.S. IRS), tells recipients of a “goodwill reward” that is supposedly part of the government’s attempt to counter COVID-19.

Other popular ones popping up are part of a new fraud pattern involving loyalty points, where a text pretending to come from a rewards company entices the user with a bonus point offer. Usually, these attempts seek to manipulate anyone who responds into offering account details as a condition for accepting the payment or points being provided.

Social Media Attacks

Not all cyberattacks are created equal. There are certain types of spyware and ransomware that can be easily handled with a reasonably high-fidelity malware scanner. However, the malware we are exposed to on a daily basis is not that easy to detect, as the social media attacks have proved.

This method was truly well thought out by the criminals behind it. At first glance, the target would receive what appears to be a credible social media message from one of the big retailers that wants to gift the receiver with a shopping spree.

As with so many other examples in this article, the cybercriminal uses COVID-19 as a cover for false generosity. But what fraudsters really want from these types of social media attacks is for the user to click on their post or ad, as well as provide their personal data or unknowingly subscribe to costly services in order to make some money. 

For these cybercriminals, the best thing their victim can do, in addition to providing their details, is to share the fake post with their friends and family so that even more victims can be deceived into providing their particulars.

Avoid Becoming a Victim

While cybercrime is more severe than most of us can imagine and includes the breaching of government agencies, hospitals, and healthcare providers, it is important to realize that the above-mentioned scams can all be avoided if we all start acting smarter online. 

People typically forget that personal finance is not about how much money you make but rather about your financial strategy and planning. The same can be said about a good cybersecurity policy or strategy. It’s about the small steps we take to protect ourselves. According to the Federal Communications Commission (FCC) website, these tips can also be used to avoid falling victim to fraud scams: 

  • Do not respond to calls or texts from unknown numbers or those that seem suspicious.
  • Never share your personal or financial details via email, text, or phone.
  • Be vigilant if you are forced to share details or pay immediately.
  • Scammers frequently spoof phone numbers in order to get you to respond. Remember, financial institutions and government agencies will never call you for personal information or money.
  • Do not open a suspicious link in any text message. If a friend sends you a text that seems out of character, call them instead to make sure they were not hacked.
  • Always verify a charity before making a donation (for example, by contacting them or browsing their actual website).


As the fight against COVID-19 unfolds worldwide, it should be clear that cybercriminals will continue to threaten vulnerable groups and organizations. Modern cybersecurity is about keeping up with the attackers and remaining vigilant. 

However, one of the only ways to do this is through the detailed understanding that can only be gained through the study of big data. Without these analytics, businesses can only rely on detecting and preventing attacks by using known methods and preventative actions, leaving them vulnerable to the latest, emerging attacks.
