There has been a steady increase in the number of COVID-19-related email attacks since January, says Barracuda Networks, but there has been a recent spike, up a whopping 667% since the end of February.

Between March 1 and March 23, researchers detected 467,825 spear phishing email attacks, and 9,116 of those detections were related to COVID-19, representing about 2% of attacks, Barracuda said. In comparison, a total of 1,188 coronavirus-related email attacks were detected in February, while just 137 were detected in January.

"Although the overall number of these attacks is still low compared to other threats, the threat is growing quickly," Barracuda said in a statement.

Three types of attacks

Barracuda researchers have seen three main types of phishing attacks using coronavirus COVID-19 themes: scamming, brand impersonation, and business email compromise. Of the attacks detected through March 23, 54% were scams, 34% were brand impersonation attacks, 11% were blackmail, and 1% were business email compromise (BEC).

"We expect to see this trend toward more sophisticated attacks continue," the company said.


A variety of common malware are being distributed through phishing attacks, especially variants that allow attackers to deploy different payloads through the same malware. The first malware reported utilizing coronavirus was Emotet, a popular banking Trojan, which went modular last year.

LokiBot is another malware that often aims to steal login credentials and data and has been distributed in at least two different phishing campaigns that Comodo has tracked, according to Barracuda. One campaign used the premise of attached invoices, which contained LokiBot, but added an apology for the delay in sending the invoice due to coronavirus. The other campaign claimed to be a news update and "1 thing you must do" and contained a link to the malware.

Barracuda has seen multiple examples of emails using the invoice premise, which was detected more than 3,700 times.

Credential theft

COVID-19 is also being used as a lure for phishing attacks with links to spoofed login pages. One such variant that Barracuda detected claims to be from the CDC and attempts to steal Microsoft Exchange credentials when the malicious link is clicked.

How to Protect Yourself

While phishing emails leveraging coronavirus are new, the same precautions for email security still apply. Barracuda advises the following:

  • Be wary of any emails attempting to get you to open attachments or click links.Anti-malware and anti-phishing solutions can be especially helpful to prevent malicious emails and payloads from reaching intended recipients, but even with such protections in place, caution should always be used since no solution catches everything.
  • Watch out for any communications claiming to be from sources that you normally would not receive emails from.These are likely phishing attempts. While receiving coronavirus-related emails from legitimate distribution lists to which you belong is becoming common, emails from organizations that you do not regularly receive messages from should be scrutinized closely. For example, the CDC is not going to be sending out emails to anyone who doesn't regularly receive emails from them already. 
  • Use caution with emails from organizations you regularly communicate with. Brand impersonation is quite prevalent in coronavirus-related email attacks, so use caution opening emails from organizations you expect to hear from. This especially applies to those in the healthcare industry since it is being targeted by cyberattacks trying to capitalize on the pressure resulting from handling an influx of coronavirus cases. 
  • Find credible charities and donate directly.A common tactic for coronavirus-related scams is asking for donations to help those affected by the pandemic. To avoid falling victim to one of these attacks, don't respond to email requests for donations. Instead, find credible charities helping with coronavirus efforts and donate directly through them. It's also highly unlikely that any legitimate charities are taking donations through Bitcoin wallets, so seeing that in an email should be a red flag.

As always, if you have any questions or concerns about phishing threats or how to protect yourself, your remote workers and your business, please call us at

(636) 542-8653 and we will do anything we can to help you.

To read the complete post from TechRepublic Click Here.