US experiencing rise in COVID-19-themed phishing attacks

The U.S. has been experiencing a new wave of phishing attacks leveraging COVID-19-themed lures targeted at small businesses following a hiatus in the summer, BleepingComputer reports. Malspam volumes using COVID-19 themes last month were two times higher than during the last three months, with further increases expected, a report from INKY revealed. Phishing emails used in the latest attacks have been spoofing the U.S. Small Business Administration, which has previously managed COVID-19 financial recovery programs, while Google Forms has been exploited for hosting the phishing pages meant for exfiltrating business owners' personal information. Threat actors have been using pandemic financial support programs as lures in the phishing emails, which include an embedded button redirecting to a Google Forms page that prompts victims to input their Google account credentials, State IDs, Social Security numbers, bank account numbers, driver's license information, and employee identification number, according to researchers. The findings should prompt business owners to be more vigilant and suspicious of emails providing financial support, researchers added.