Get all the latest news on coronavirus and more delivered daily to your inbox. Sign up here.
Hackers want a piece of the recently passed $2.2 trillion federal economic stimulus package aimed at helping the U.S. economy recover from the coronavirus pandemic.
As new website domain registrations soar in the wake of the stimulus package, nearly 30 percent were found to be suspicious out of the 2,000 or so new domains registered in March, according to research from Check Point Software, a cybersecurity firm.
In the week following March 16, when the government proposed the stimulus package, the number of new domains jumped 3.5 times over the previous weeks, Check Point added.
CORONAVIRUS PANDEMIC CAUSES US BANKS TO ISSUE INTERNET FRAUD ALERTS
“Hackers and threat actors want to cash in on the rush to get these vital payments and fill their own pockets at the expense of others,” the cybersecurity firm explained.
To do this, scammers are tweaking the phishing techniques that have worked successfully for them since the start of the pandemic earlier this year.
Recent statements from Google back up this jump in malicious activity.
During the week leading up to April 16, Google saw more than 18 million daily malware and phishing emails related to COVID-19 scams on top of the 240 million daily spam messages it sees related to the pandemic.
Google also said it is seeing increased stimulus-package-related phishing of employees working from home and of small businesses.
Those duped into clicking on malicious links “risk having their personal information stolen and exposed, or payment theft and fraud,” Check Point said.
In one example cited by Check Point, emails were sent with the subject line of “COVID’19 Relief Funds” and ask the recipient to “Please confirm your ID.” Then a “Reconfirm” button directs the recipient to a phishing login page.
OVER 500K ZOOM ACCOUNTS BEING SOLD ON DARK WEB, RESEARCHERS FIND
ATTACKS SPIKE
This is happening against a backdrop of a "huge increase in the number of attacks," Check Point said, to an average of 14,000 a day, six times the average number of daily attacks compared to the previous two weeks.
During the week starting April 7, the average number of daily attacks increased to 20,000.
A whopping 94 percent of coronavirus-related attacks during the past two weeks were phishing attacks, the report continued.
To avoid these malicious campaigns, Check Point warns against clicking on promotional links in emails. Instead, perform a search on Google on the company or organization and click the link from the Google results page. And don't reuse passwords across multiple accounts.
Google, for its part, said it has put monitoring in place for COVID-19-related malware and phishing.
As soon as the tech giant identifies a threat, it is added to a Safe Browsing API, which protects users in Chrome, Gmail and all other products, Google said. Safe Browsing warns users when they attempt to navigate to dangerous sites or download dangerous files.
CLICK HERE FOR COMPLETE CORONAVIRUS COVERAGE
As of Thursday morning, more than 2.65 million coronavirus cases have been diagnosed worldwide, more than 843,000 of which are in the U.S., the most impacted country on the planet.