The 3 worst email and spam attack campaigns of 2020

The 3 worst email and spam attack campaigns of 2020

2020 was a tough year for all of us in Las Vegas and across the United States, but cybercriminals were determined to make it even tougher. True to form, internet crooks exploited everything they could just to bilk hard-earned cash out of innocent folk.

Here are the themes of the worst email and spam attack campaigns of 2020:

COVID-19

Not even the coronavirus pandemic was off-limits to exploits, as spammers used the still-changing status of COVID information to dupe even the most informed people. A common COVID-19 email scheme works as follows: Unsuspecting victims receive authentic-looking emails from a scammer pretending to be the CDC. These emails come complete with professional-sounding content and links claiming to lead to online resources for infection prevention measures, COVID-19 statistics, or information about treatments and vaccines. In reality, these links lead to pages that download malware such as keyloggers and ransomware into computer systems.

A variation of this spam attack is email purporting to be from the US Department of Health and Human Services. Often, it contains fake links to “register for mandatory COVID-19 testing,” but cybercriminals also use other illnesses such as breast cancer for similar spamming activities.

Stimulus checks and small business loans

With the pandemic hitting the economy significantly, it became critical for government aid to quickly reach people and companies alike. This left many people scrambling for whatever information they could get their hands on so they could receive aid. Unfortunately, many scammers used this situation to steal private information and money.

Related article: Why email security matters

The typical course of action scammers took was to pose as Better Business Bureau workers. They would press unsuspecting individuals to divulge private information under the pretense that it will help expedite benefit payments. Despite the fact that the government has always sent stimulus checks directly to bank accounts based on information they already had, many people were still duped into divulging personal information to scammers.

Presidential elections

Elections-related email scams were more intricate and involved more daring crooks. In this scam, con artists would pose as volunteers for the political parties. They would request private information under the pretense of registering voters or soliciting donations, and they would actively respond so as to maintain the ruse. Once the victim fills out forms asking for their Social Security and/or credit card numbers, the game is over.

These are intricate scams because the crooks would invoke patriotism, freedom, and other buzzwords many Americans have strong feelings for. They would go as far as to stoke extreme opinions on race and current events just to gain their victims’ trust.

How can you avoid email scams?

Firstly, email scams can be avoided by maintaining as little an internet presence as possible. Social media sites often stockpile user information — especially email addresses — to tell their users apart. This alone is harmless since social media sites are bound by privacy laws and user agreements. The trouble comes when they suffer a data breach or leak, which often results in user information becoming accessible to unsavory characters.

Related article: Simplify your email management with these Gmail tricks

The first line of defense for your company should be a strong culture of privacy. Develop robust email policies, such as instructing employees to only use their office email addresses for official business and using management software that will inform you of breaches. Establishing these measures will significantly lower the risk of email addresses falling to the wrong hands.

“The first line of defense for your company should be a strong culture of privacy”


It’s also important to train your staff to be vigilant about email scams and be familiar with ways to identify potential email spam attacks. They can also use built-in tools and features in their email portals to filter out scam addresses and the like.

Beef up your cybersecurity and email management with trusted managed services providers like Kortek Solutions. Contact us today to learn more.