Phishing continues to target big businesses and exploit COVID-19 fears in Q2 2021

Image: Vladimir Obradovic, Getty Images/iStockphoto

Despite a emergence successful planetary spam numbers, adoption of caller languages by phishing attackers, caller scam types and a displacement successful the astir commonly impersonated concern benignant to phish people, Kaspersky's Q2 2021 quarterly spam report is described by its authors arsenic "not delivering immoderate surprises." 

"In Q2, arsenic we expected, cybercriminals continued to hunt for firm relationship credentials and exploit the COVID-19 theme," the study said. 

SEE: Security incidental effect policy (TechRepublic Premium)

That's not to accidental determination wasn't thing really absorbing successful Q2 phishing and spam statistics: The percent of email that's junk is up to 46.56% aft bottoming retired successful March 2021, and planetary net portals person displaced online stores arsenic the concern benignant astir commonly impersonated by cybercriminals successful phishing campaigns.

Scammers person besides been cleverly exploiting pandemic-related message and proviso concatenation disruption to lure victims. One website that Kaspersky uncovered purported to beryllium a Russian Post website wherever visitors could bid connected undelivered packages based not connected content, but by weight. Winners were told they would person their package, which ne'er arrived. 

Messages claiming postage was owed, oregon an bid outgo hadn't been completed, were commonly seen arsenic well, and mostly contained attachments loaded with malware that claimed to beryllium an invoice. These messages, successful particular, surged successful Q2, with galore attackers branching retired into caller languages to find much victims. 

In summation to exploiting pandemic-related message slowdowns, attackers person besides been scamming the nationalist with fake COVID-19 assistance emails. Users are asked to supply slope paper details successful bid to disburse funds, which ne'er arrive. 

Also communal successful Q2 2021 were fake attachments that nonstop concern users to fake Office365 oregon different concern bundle login portals, fake online movie streaming scams and concern and property-related scams, which Kaspersky described arsenic "a funny takeaway" arsenic those attacks spiked successful Q2. 

Attackers are besides getting astute successful however they people definite scams. WhatsApp, purchased by Facebook successful 2014, was much tightly integrated with Facebook successful aboriginal 2021, and scammers rapidly adapted to that change. Chat oregon connection scams that invitation users to chat with "beautiful strangers" redirect users to a Facebook login phishing page. Emails to WhatsApp users person besides been recovered to incorporate malware that tin impact mobile devices. 

The champion happening users tin bash is beryllium wary of immoderate unexpected emails and beryllium precise cautious astir clicking connected immoderate email attachments oregon links—go to the website directly," said Kaspersky elder web expert Tatyana Shcherbakova.

SEE: How to negociate passwords: Best practices and information tips (free PDF) (TechRepublic)

As for what to expect successful Q3 2021, Kaspersky said that businesses volition proceed to beryllium the astir fashionable targets, and that COVID-19 scams volition proceed to bent astir successful 1 signifier oregon another. The study besides predicts a emergence successful vacation-related scams arsenic the question play continues, and Olympic Games-themed scams successful the aftermath of the Tokyo games. 

Also spot

• How to go a cybersecurity pro: A cheat sheet (TechRepublic)
• Security threats connected the horizon: What IT pro's request to cognize (free PDF) (TechRepublic)
• Checklist: Securing integer information (TechRepublic Premium)
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)