Spear-phishing is a type of email or digital communication fraud that targets a particular person, organization, or company. While fraudsters usually aim to steal data for vicious intentions, they also might seek to install malware on a selected user’s device. During the COVID-19 pandemic, spear-phishing crimes have dramatically increased. According to the FBI, phishing scams have cost the country $57 million. Phishing has increased by 220 percent since the start of the epidemic (Chopvitayakun, 2019). According to Google’s Transparency Report, in 2020, they would detect an average of 46,000 new phishing websites each week. Since the beginning of the pandemic, Google has identified 2.02 million phishing domains (Chopvitayakun, 2019). This represents a 19.91 percent rise throughout 2019.
The above suggests that the Coronavirus pandemic gives attackers an advantage in conducting further web scams. KnowBe4 recorded a 600 percent increase in phishing pages and attacks referencing COVID-19 in the first quarter of 2020 (Chopvitayakun, 2019). In April 2020, Google announced that they were suppressing 18 million emails each day linked to the epidemic. Phishing has grown dramatically as a result of a rise in internet use as people were forced to telework from home, as well as an increase in paranoia and confusion about the current pandemic. The types of phishing attacks, the strategies used by hackers, and what users could do to prevent and these frauds are listed below.
First, there is deceptive phishing, where the perpetrators pretend to be a legitimate company to have login details and personal data from victims. To these fraudsters, deceptive phishing is more effective as millions of emails are being sent over the Internet. The attackers send both threatening and frightening emails to their target and force them to do what they want. The culprits apply various techniques such as the use of legitimate links, redirects, shortened links, or blend malware that is sent to victims by email (Banda et al., 2019). This sort of phishing is most often associated with PayPal and Apple messages informing users that their accounts have been blocked. Users should pay particular attention to the emails and thoroughly examine the URLs. It could be a con if the sending address is a long string of digits. One should look for grammatical errors, standardized pleasantries, and misspelled words.
Second, there is vishing, where the invader calls the victim using either a conventional phone system or voice over Internet protocol systems and, in the process, steals their confidential data. The attackers pretend to be representatives or customer care agents, and they convince the client to give their personal information. Attackers use the mumble tactic to babble a reply to a query in the expectation that their response will persuade the customer service representative or agent. Attackers will imitate in-house technical support by using legal terminology and implying to the representative that there are urgent matters, which might persuade the person to supply their details (Banda et al., 2019). To avoid being a suspect, avoid answering calls from unfamiliar contacts, never send out personal details, using a caller ID app.
Thirdly, there is whaling phishing, where CEOs are the intended victims of this kind of phishing. Spear phishing attacks everyone in an organization, even executives; this form of attack is more often referred to as “whaling.” Attackers harass executives to hack their login information. When attackers use the stolen email address of the Chief executives or other high-ranking administrators to sanction illegal wire transfers to a finance company of their choosing, this is known as CEO fraud (Jan & Sheikh, 2020). They will use the same email address to perform W-2 phishing, wherein they request W-2 data from all staff to file bogus tax returns on the victims’ behalf or steal their details and publish them on the deep web.
Fourthly, there is pharming which is a technique that uses cache poisoning to attack the domain name scheme (DNS). An intruder can target a DNS server and alter the Address aligned with the alphabetical website address in a DNS cache compromising attempt. The hacker can redirect visitors to a fake link. Even if the victim specifies the right site name, this will also occur. Spam email coding is a strategy used in pharming, in which cybercriminals send out emails containing malware that modifies host files on the recipient’s device.
The changed host files would then route all URLs to a site controlled by the hackers, allowing them to install ransomware or steal the victims’ details. Another tactic in which actors will not attack actual users’ machines but will instead go straight to a DNS site is to invade the DNS server (Hutson, 2017). Organizations should defend themselves by instructing their staff to access login details only on HTTPS-secured pages, installing anti-virus software on all company computers, and performing routine database upgrades.
Fifthly, there is spear-phishing, where attackers create harmful emails, target a specific organization, and try to deceive the receiver into believing that they are business associates. As most online businesses send automatic feedback to customers through emails, the clients are at a greater risk of being targeted. Moreover, these criminals use malicious emails where they send to the victim requesting personal information. The harmful documents are kept on cloud-based services, which can be in the form of Google Drive or Dropbox (Chopvitayakun, 2019). This may allow malware to be installed if the victim clicks on the link once it is made available in their mailbox. The link usually directs the user to particular sites that request them to enter their credentials. The occurrence will enable the hackers to have access to the target’s account and allow them to gain all the information they need from the person.
References
Banda, R., Phiri, J., Nyirenda, M., & Kabemba, M. (2019). Technological paradox of hackers begetting hackers: A case of ethical and unethical hackers and their subtle tools. Zambia ICT Journal, 3(1), 40-51. Web.
Chopvitayakun, S. (2019). Mobile application implementing location based services framework with google cloud platform integration: SSRU development case. International Journal of Future Computer and Communication, 8(4), 119-122.
Hutson, M. (2017). Are you lying about your identity? Artificial intelligence can tell by how you use your mouse. Science.