Please fill in the form below to subscribe to our blog

4 Pandemic Phishing Scams Coming Soon to a Mailbox Near You

February 10, 2022

Pandemic Phishing Scams Are Still Going Strong


Phishing exploded at the start of the COVID-19 pandemic. In Q2 2020 alone, phishing attacks increased by an estimated 600% as cybercriminals took advantage of a perfect storm of fear, uncertainty and opportunity to launch phishing scams that capitalized on the pandemic’s shifting circumstances. While the phishing landscape isn’t nearly as volatile as it was back then, one thing does remain the same – cybercriminals are still leveraging the pandemic to power their phishing schemes.  


a cartoon image of hands with fingers pointed at an embarrased-looking white woman with a brown bob in professional clothing

Your company’s top security risk is already inside the building. Learn how to fix it with The Guide to Reducing Insider Risk. GET IT>>


Profiting from Omicron 


Cybercriminals love a good news story to harness in their social engineering attacks, and COVID-19 has been very good to them. The Omicron variant is just their latest hook. Phishing attacks using this are the main reason why IT professionals are seeing an increase of more than 500% in phishing attacks around COVID-19 between October 2021 and January 2022. These 4 phishing schemes have been prominent in today’s wave of trouble

Fake COVID-19 Exposure Warnings 

In this phishing variation, bad actors send their intended victim’s phishing emails with a subject line that reads “COVID-19 testing result” or something similar. The bogus message then informs the recipient that they have been exposed to a coworker who recently tested positive for the Omicron COVID-19 variant. The unfortunate recipient is instructed to open an Excel document to learn more about their exposure and what to do next. Of course, the email includes both the password-protected Excel document as an attachment and the password needed to open it

When the recipient of the phishing message opens the Excel document and enters the password, they’re shown a blurred document that looks like it contains data about COVID-19 procedures. The victim is then prompted to “Enable Content” or “Enable Macros” to view the full document. But after the victim agrees to the prompt, they get malware instead of the promised information. In an especially ghoulish twist, some threat actors taunt their victims by displaying an alert containing the phone number for a “COVID-19 Funeral Assistance Helpline”.  

Fraudulent Employee Termination Notices  

In this nasty phishing campaign, threat actors prey on people’s fear of job loss in a time of economic uncertainty to scare them into taking action that enables the bad guys to deploy malware like Dridex using fake employee termination emails. Targets receive emails with subject lines like “Employee Termination” or something equally grim. In a recent phishing campaign of this ilk described by Bleeping Computer, the unfortunate recipient was informed that their employment was being terminated on December 24th, 2021, and that “this decision is not reversible.”  

The phishing messages also include an attached Excel spreadsheet with a name like “TermLetter.xls”. As in the previous case, the password required to open the spreadsheet is also provided. When the recipient opens the Excel spreadsheet and enters the password, a blurred form with the title “Personnel Action Form” or something similar is displayed, along with a prompt to “Enable Content” – which actually enables malicious macros to be executed that create and launch malware through a malicious HTA file saved to the C:\ProgramData folder. 


faint images of US dollars in a pile shaded in rainbow prismatics

Find out exactly how security awareness training makes your company safer & saves money! WATCH NOW>>


Testing Kit Scams 

Consumer demand is high for COVID-19 test kits. Even medical offices and clinics are hungry for fresh testing supplies to keep up with patient demand. Many brands and styles of COVID-19 testing kits are on the market that consumers can purchase online or at a retail store. Government agencies including the US Department of Health and Human Services have also launched programs to provide residents with free or reduced-price COVID-19 test kits. This gives cybercriminals an extra edge in pursuing phishing operations around COVID-19 test kits. Cybercriminals love to exploit government programs or publications for brand impersonation scams with an official-sounding twist.  

In a recent scam, bad actors are launching phishing messages that promote spurious COVID-19 rapid test kits with competitive prices and fast delivery dates to potential targets in the US. Cybercriminals aren’t shy about layering on details that make their messages seem authentic like claiming that their testing kits are CE certified (i.e. they meet EU safety requirements) and are already in use in the European market. Of course, the only thing that the victims will get from this transaction is their account credentials stolen. Other variations that could be especially dangerous for businesses in the healthcare sector hawk all sorts of pandemic-related medical supplies like thermometers, pulse oximeters, freezers for vaccine storage and syringes for vaccine injection. 

Vaccination Status Traps

In another COVID-19 phishing scam, bad actors are once again posing as a company’s HR department with the premise that they’re collecting information about an employee’s vaccination status. This time they’re attaching a COVID-19 vaccination self-compliance report to their malicious message, usually as a PDF. In reality, it’s just bad actors looking to steal account credentials from unsuspecting employees or distribute malware. 


Be the hero that defeats your company’s security threats to declare victory over cybercriminals! GET THE GUIDE>>


Phishing is a Perpetually Surging Tide


Phishing scams are flourishing, and many companies are paying the price. An astonishing 80% of IT professionals in a recent survey said that their organizations have faced an increase in the volume of phishing attacks that they’re combatting, potentially putting more phishing messages into employee inboxes. One contributor to this problem is a lack of security awareness training, especially for employees who are working remotely. Remote workers are much more likely to be careless with an email making them much more likely to be taken in by phishing.  

Security awareness training is a powerful tool for teaching employees smart email handling practices and making them more aware of phishing, improving employee phishing awareness by an estimated 40%. But even with such impressive results, companies are still not undertaking enough security awareness training. In a recent survey by GetApp, 55% of companies don’t provide basic email security training and more than 30% don’t provide any security awareness training for employees at all. That’s incredibly dangerous in today’s heightened risk landscape when some of the most dangerous cyberattacks that companies face arrive as the poisonous cargo of a phishing email. 


Learn 5 red flags that could indicate a malicious insider is at work in your organization! DOWNLOAD INFOGRAPHIC>>


BullPhish ID Makes Security Awareness Training a Snap 


The newly reimagined BullPhish ID is the ideal stand-alone solution for security awareness training that checks off everything on the IT professional’s shopping list, making the training experience better for both trainees and the IT professionals that are tasked with running it. You’ll love:  

Lots of New Training Content  

Choose from a library of training videos designed to distill complex security topics into easy-to-understand, memorable lessons. We’ve just added 15 new videos on a variety of security and compliance topics including passwords, ransomware and HIPAA compliance with more on the way every month! 

Ramp up your phishing resistance training with phishing simulations – 8 new phishing kits have just been added. Plus, choose from plug-and-play kits or customizable kits that can be tailored to fit every industry’s unique risks.  

Track Everyone’s Progress Fast in the New Reporting Module  

Easily track and show progress with easy-to-read monthly and quarterly performance reports that can be accessed anytime. Choose automated reporting and have those performance reports created and delivered to designated recipients automatically.  

Book your demo of the new BullPhish ID today! 


ransomware defense can be complicated by cryptocurrency risk

See how ransomware really works, who gets paid & what’s next in our tell-all Ransomware Exposed! DOWNLOAD IT>>



let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Is your password compromised? Find out in seconds!

USE OUR PASSWORD COMPROMISE CHECKER>>


Book your demo of Dark Web ID, BullPhish ID and Passly now!

SCHEDULE IT NOW>>