With the coronavirus (Covid-19) pandemic shutting down major parts of the global economy, governments are responding with massive stimulus packages aimed at supporting businesses and individuals.
In the U.S. alone, the federal government is rolling out a $2 trillion package of Economic Impact Payments to help give the economy a shot in the arm and prevent a crash.
And of course, where there’s money, there will also be criminal activity. Hackers and threat actors want to cash in on the rush to get these vital payments and fill their own pockets at the expense of others.
To do this, they are evolving the scam and phishing techniques that they have been using successfully since the start of the pandemic in January. Google recently reported that in just one week from 6 to 13 April, it saw more than 18 million daily malware and phishing emails related to Covid-19 scams – and that’s in addition to the 240 million daily spam messages it sees related to coronavirus.
The researchers from Check Point have found that since January, a variety of domains related to coronavirus-related stimulus or relief packages have been registered globally. A total of 4,305 domains relating to new stimulus/relief packages have been registered:
- In March 2020 – a total of 2081 new domains were registered (38 malicious; 583 suspicious)
- In the first week of April – 473 were registered (18 malicious, 73 suspicious)
- We’ve also seen a major increase in the week starting March 16 during which the American government proposed the stimulus package to taxpayers. The number of new domains registered that week was 3.5 times higher compared to the average of previous weeks
These scam websites use the news of the coronavirus (Covid-19) financial incentives, and fears about Coronavirus to try and trick people into using the websites or clicking on links. Users that visit these malicious domains instead of the official Government websites risk having their personal information stolen and exposed, or payment theft and fraud.