"COVID-19 Was an All-You-Can-Eat Buffet for Social Engineers"

For years, researchers have known that the COVID-19 pandemic was exploited to set up effective phishing attacks and other social engineering schemes. Proofpoint's new research provides more insight into the use of the pandemic by cybercriminal groups, fraudsters, and nation-state hacking groups. The global significance of the COVID-19 pandemic created an environment for exploitation. Prior to COVID-19, Proofpoint researchers had not seen the entire landscape move to using the same social engineering theme. COVID-19 themes were used in campaigns by over 30 known threat actors and many more unattributed threat clusters tracked by researchers. As the world enters the third year of the pandemic, social engineering tactics have continued to evolve, emphasizing the need for decision-makers to remain vigilant of various threat actors and address risks. Although the COVID-19 pandemic has eased down this year, Proofpoint experts discovered that the total number of social engineering campaigns in the first quarter of 2022 remains the same as the average number of campaigns per quarter in 2021. Based on available data, content masquerading as business communications, such as changes to company policy regarding travel, customer interactions, work-from-home arrangements, and potentially termination of employment, generated the most engagement with recipients, with the highest click rate. This article continues to discuss how the COVID-19 pandemic further ignited social engineering attacks.

SC Media reports "COVID-19 Was an All-You-Can-Eat Buffet for Social Engineers"