Coronavirus Phishing Attacks – Most of Them Have US IP Addresses

The majority of the COVID-19 malicious emails and phishing attacks came from the US IP addresses, reports INKY.

Coronavirus-themed phishing emails have been attacking several inboxes since January
2020 – when the novel virus started to spread. The cybercriminals pushed different scams to people globally via coronavirus-related content and organizations to make people open
malicious emails, links, or files.  According to the FBI’s Internet Crime Complaint Center, the phishing attacks are now 3X, with the pandemic concerns became widespread.

INKY, the anti-phishing firm has recently studied the phishing emails pattern for months and published its new report, titled “Around the World in 34 Phish: COVID-19 Phishing Examples.” It found that most of the malicious emails’ IP addresses originated from the United States.

Dave Baggett, CEO at INKY, mentioned in the company blog post, “The majority of our users are American. Phishers prefer to target victims within their own geography because it’s easier to research and impersonate since it’s the same culture and language.” He also noted that the IP addresses could be spoofed by more skilled non-American attackers to evade geographical filters.

The researchers from INKY in-depth analyzed the 34 phishing email templates that it has
discovered in its work, protecting clients over the past few months. It was found that about
44% were from North America, 26% came from European countries and nearly 18% from
Asia. Besides, the researchers also found that most of these attacks involved malicious
attachments or links.

The hackers behind these malicious acts made an effort to imitate many different entities or people as possible. Many emails alleged to come from government bodies like the CDC or WHO and notable brands, insurance organizations, and as a person’s employer. Dave Baggett also mentioned, “Scammers are creating campaigns relating to bonus reports, COVID-19 disaster relief, pandemic food distribution, office shutdowns, FedEx packages, quarantine protocols, and even information from the World Health Organization (WHO) and the White House.”

Cybercriminals even used with real accents to make those emails look legitimate. Many
emails included valid information from government agencies on how people can guard
themselves against the virus. Some also contained financial payments or relief donations for SMBs from the CARES Act. For instance, one such includes legitimate data about a
company’s telework guidelines, and some are drafted with potentially useful information
about COVID-19, which is signed by President Donald Trump and the White House.

The study also found that the most concerning new trends with the phishing emails were
the ones that had real company logos, copyrights, trademarks, and HTML/CSS.