Research - 93% increase in malicious COVID-related domains created using the word ‘Travel’ in the title - Webroot
April 2021 by Webroot
As the UK proceeds with the next stage of its vaccine rollout and gradual reopening of the economy after lockdown, cybercriminals are continuing to exploit the publicity and anticipation surrounding both to target businesses and consumers in phishing and domain spoofing attacks.
Webroot, a market leader in cyber resilience, has released new statistics revealing a large spike in the number of malicious domains mentioning the words ‘passport’ and ‘travel’ in the first few months of 2021 – as ongoing conversations around vaccine passports and debates around when domestic and international travel will restart continue to dominate the news agenda.
From January 1st, 2021 to March 29th, 2021, Webroot’s Real-Time Anti-Phishing protection system found a 93% increase in malicious COVID-related domains created using the word ‘Travel’ in the title, as well as the following:
• A 79% increase in the use of the word ‘Passport’ in malicious COVID-related domains seen in March 2021 versus the previous 30 rolling days.
    o A 233% increase in the use of the word ‘Passport’ in malicious COVID-related domains seen in March 2021 versus April 2020.
    o A 3,900% increase in the use of the word ‘Passport’ in malicious COVID-related domains seen in March 2021 versus June 2020.
• A 169% increase in malicious domains using common travel/holiday search terms such as ‘weekend break’, ‘cheap’ and ‘last minute’, from February 22nd, 2021 (the date on which Boris Johnson announced the roadmap for easing lockdown) to March 29th, 2021.
• A 71% decrease in malicious domains created using the words ‘testing’ or ‘testkits’ between January 1st, 2021, and March 29th, 2021.
Nick Emanuel, Senior Director of Product at Webroot, has commented on the findings:
“The length and duration of the pandemic has allowed hackers an extended opportunity to hone and craft their domains. The language used in these malicious domain names is highly reflective of current trends, and key events like travel bans introduced globally have a direct impact on how hackers create resources to trick people.
For example, directly after travel bans were implemented, we saw the word ‘passport’ used in malicious domains mostly in the context of providing data on which countries were blocked – e.g. ‘Passportbancountries’ – rather than the context of preparing or enabling travel.
Similarly, the decrease in terminology related to ‘testing’ and ‘testkit’ correlates with the introduction of a comprehensive school testing regime in the UK and we believe the strong supply and ease of obtaining a test has cut down opportunities for scammers on this specific topic. Both examples demonstrate how cybercriminals are carefully grooming news and creating domains that will have a higher percentage of hits.
To protect against these threats, individuals should remain vigilant in scrutinising all links they receive in emails before clicking through. This should also be underpinned by cybersecurity technology such as email filtering, anti-virus protection, and strong password policies.”