New data shows a massive increase between October 2021 and January 2022 in phishing attacks focusing on one of the world’s current concerns for home and in-office testing.

We’ve seen a recent alert from the U.S. Department of Health and Human Services’ Office of the Inspector General about scams focused on “offering COVID-19 tests, HHS grants, and Medicare prescription cards in exchange for personal details, including Medicare information.” So, it’s no surprise to see new data coming in from security vendor Barracuda highlighting a massive increase in the number of COVID-19-related scams.

According to Barracuda, a number of common themes are being seen:

  • Sales of tests, masks, and gloves
  • Fake notifications of unpaid test orders (providing a Paypal account to send payments)
  • Impersonation of testing labs or providers

From what Barracuda is seeing, these attacks are focused on the usual bounty:

  • Personal details
  • Payment / Credit Card information
  • Microsoft 365 credentials

Regardless of the ultimate goal, any of these scams are potentially dangerous; the recent availability of insurance paying for home test kits puts the testing for COVID-19 front and center in the minds of everyone.

But, at the end of the day, these scams still show the usual signs of being fraudulent: impersonated brands, poorly-written email content, and mismatched sender email addresses. Organizations concerned about such scams should consider Security Awareness Training to ensure users are continually vigilant against both the obvious and no-so-obvious COVID-19 scams.