The evolving cyber threats and implications of COVID-19

The importance of staying vigilant during challenging times

Kyle Kappel

Kyle Kappel

Cyber Security Leader, KPMG US

+1 949-431-7359

Ron Plesco

Ron Plesco

Principal, Cyber Security, KPMG US

+1 717-260-4602

Cyber threat actors and organized criminals are attempting to exploit and cash in on our need for information related COVID-19. This coupled with the exponential shift to a remote workforce has exposed new attack vector(s) for exploitation by these nefarious groups. COVID-19 themed spear-phishing campaigns were launched immediately in concert with the World Health Organization’s declaration.

These phishing campaigns fall into three main categories:

  1. Personal information: In exchange for information related to government economic stimulus checks, loan or mortgage abatement, airline refunds, or other types of economic relief. 

  2. Fraud: These take the form of brokerage or retirement emails that result in an account takeover (e.g., “In light of COVID, we’re asking you to move your money to a different account.”), fake charitable contributions, fake cures, counterfeit testing kits and vaccines, or counterfeit personal protective equipment.

  3. eCommerce: With more people at home and ordering online, the order volumes have increased exponentially.  Fraudsters are using this to hide in the volume through the following types of phishing schemes: ATO (account takeover) of dormant accounts and return/refund/replacement fraud.

Now more than ever, it is important for organizations to remain vigilant as these threats continue to emerge.