Microsoft: Under 2% of all daily malspam uses COVID-19 lures

Malicious email campaigns have not increased due to COVID-19. Attackers merely changed lures.
Written by Catalin Cimpanu, Contributor

You've probably read in many places online that cybercriminals are heavily exploiting the current coronavirus (COVID-19) pandemic to trick users into infecting themselves with malware or steal their personal information.

However, in a report published today, Microsoft says that they haven't seen any noticeable spike in malware activity due to the COVID-19 pandemic.

The company says that of the millions of emails it sees and scans daily, only 60,000 include COVID-19 related malicious attachments or malicious URLs, which amounts to less than two percent of the total malicious email (malspam) traffic.

Instead of a spike in traffic, Redmond says that cyber-criminals have merely changed email templates and subject lines (lures), switching from regular invoice-themed lures to COVID-19-related topics.

This includes sending out email campaigns impersonating established entities like the World Health Organization (WHO), the Centers for Disease Control and Prevention (CDC), and the Department of Health.

Image: Microsoft

Microsoft says that this trend -- of switching from regular phishing lures to COVID-19 themes -- has been seen not only in day-to-day cybercrime gangs like Emotet and Trickbot but also with state-sponsored groups, something that ZDNet caught on and reported last month.

And per Microsoft, everyone's been targeted, with no exception.

"Every country in the world has seen at least one COVID-19 themed attack," the OS maker said today.

SmartScreen blocks 18,000 COVID-19-related URLs per day

But Microsoft also said that its security systems aren't only active in preventing COVID-19-themed attacks at the inbox level.

The Redmond-based company says that it also detects users navigating to coronavirus-related domains via its SmartScreen technology, an URL scanning technology included with its Edge browser.

"In a single day, SmartScreen sees and processes more than 18,000 malicious COVID-19-themed URLs and IP addresses," Microsoft said.

This suggests crooks are driving traffic to coronavirus-themed scam or malware sites through a multitude of methods, and not just email campaigns.

"While phishing email is a common attack vector, it's only one of the many points of entry for attackers," Microsoft said.

Other common attack vectors may include malicious ads, links on public forums and social networks, or SMS and IM (instant messaging) spam.

Because of this broad attack surface, Microsoft urges users to be vigilant, but also to follow basic security practices, such as installing an antivirus and enabling multi-factor authentication for online accounts.

Innovative projects now online to combat coronavirus outbreak

Editorial standards