You know not to click on links in sketchy emails. Everybody does by now. And yet, people fall for phishing attacks all the time. And that's the whole point. If phishing didn't work, attackers would have abandoned it a long time ago. Instead, it's everywhere. Coronavirus-related phishing scams cropped up quickly worldwide in January 2020 shortly after pandemic lockdowns began in China. And the technique is a perennial favorite of criminal scammers and nation state hackers alike.
Phishing scams work by tricking you into clicking on a link or attachment that either infects your machine with malware or takes you to a page that looks totally legit but isn't. Instead, it tries to steal your private information. According to the Anti-Phishing Working Group, about 200,000 new phishing sites crop up each month and campaigns impersonate more than 500 different brands and entities per month. The FBI’s Internet Crime Complaint Center found that US-based phishing victims lost almost $58 million in 2019 alone.