Premade COVID-19 Themed Phishing Templates Copy Government Websites

Threat actors are looking for new opportunities to take advantage of people's fears during the pandemic. They are creating fake COVID-19-themed websites that aim to steal credentials. Over the last few months, security researchers noticed an increase in COVID-19-themed credential phishing websites and templates that imitate the brands of NGOs and government organizations. Affected organizations include the World Health Organization (WHO), the Internal Revenue Service (IRS), the Centers for Disease Control (CDC), and the UK, Canadian and French governments.


More than half of the over 300 COVID-19-themed phishing campaigns in circulation since the start of 2020 have focused on user credential theft. The templates allow cybercriminals to create high-quality malicious domains that add authenticity to their phishing efforts. These templates have multiple pages, adding to the complexity of the scam.

Credential phishing attacks lure victims with themes that fit the situation or the person, and use websites to harvest credentials. The sudden growth in COVID-19-related phishing attempts started in March 2020, peaked in March, and dropped in April, showing saturation of this scheme.

Templates were seen copying the look and feel of the WHO's legitimate website, down to the color scheme and logo. The malicious template is made to capture a visitor's username and password when they try to access information about COVID-19 safety measures. Some of those websites imitated their legitimate counterparts even down to the language selection options.


More than 300 different campaigns have been seen since the beginning of 2020, across almost every industry. The threat actors behind them ranged from established cybercriminal groups to currently unknown individuals. Although most of these efforts are in English, security researchers spotted campaigns in Spanish, Portuguese, Italian, French, Turkish, Japanese, and other languages.

Threat actors and scammers are following the current trends and evolving their operations as the COVID-19 pandemic develops. They are also adapting their efforts to match the interests of the general public. Governments and companies moved toward financial support, and that caught the attention of criminals who moved on to target those who would benefit from those funds, using them as themes for phishing campaigns and malware.

Similar developments are expected as the situation unfolds and the pandemic slowly spreads. Threat actors are likely to keep up with the cybersecurity community's efforts to thwart them, so users are advised to be wary of suspicious emails and websites. Staying vigilant is a necessity to avoid falling prey to the schemes of scammers and hackers.