Spear phishing is a personalized phishing attack that targets a specific organization or individual.
These attacks are carefully designed to elicit a specific response from a specific target.
For example, one such scam claims to be from the World Health Community (which doesn’t exist but may be trying to take advantage of similarity to the World Health Organization) and asks for donations to a Bitcoin wallet provided in the email.
In addition to widespread credential harvesting from information-stealing malware, phishing attacks with links to spoofed login pages are also using coronavirus COVID-19 as a lure. One such variant claims to be from the CDC and attempts to steal Microsoft Exchange credentials when the malicious link is clicked. An example of the email and the phishing page is shown below.
A wide variety of email login pages are commonly spoofed by attackers, targeting the email portal users are accustomed to when this mail server information can be scraped by attackers.
( Information and screenshots courtesy of Barracuda Blog – https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/ )