The COVID-19 vaccination drive is crucial in the world’s battle against the pandemic, but it also presents cybercriminals with new opportunities to launch attacks.
Emails and ads for COVID vaccines may allure you, but they’re not authentic. Fraudsters are using phishing emails and fake ads to trick you into giving them access to your personal information.
According to security firm Barracuda Networks, vaccination-related Business Email Compromise (BEC) and phishing attacks witnessed a jump of 26 percent in three months. Fraudsters and scammers are scrambling their efforts against organizations across the world.
Barracuda Networks’ Threat Spotlight assessed phishing emails from October 2020 to January 2021. The analysis found that COVID vaccination-related spear-phishing attacks jumped 12 percent after Pfizer and Moderna’s successful clinical trials in November 2020. The spear-phishing attacks doubled after the vaccine rollouts started in January 2021.
These findings indicate the degree to which malicious actors adapt their maneuvers to equate real-world scenarios, developments, news, and public awareness.
The cybersecurity firm keeps track of BEC as a form of spear phishing. The company said it found BEC and brand imitation to be the most common COVID vaccine phishing attacks.
When it comes to brand imitation, scammers may use links to phishing websites that promote early vaccine access. The fraudsters offer early jabs in exchange for money. Or they impersonate healthcare workers tasked with collecting private data to determine eligibility for vaccination, the company said.
Barracuda Networks also said it found BEC fraudsters trying to dupe the email recipients into making money transfers. These scammers either impersonate employees asking for quick favor while getting a jab or HR managers requesting payment for a bundle of fictional jabs reserved for employees.
Meanwhile, the company CTO, Fleming Shi, has asked all workers to be wary of such phishing emails. He urged that it is crucial to have a custom-built solution that uses advanced technologies such as machine learning to track and assess abnormal communication patterns with organizations. Machine learning can trace abnormalities that may point to a breach and unveil compromised internal emails.
The CTO further said that having solid security policies and creating awareness among employees about phishing attacks are the keys to effectively battle the constantly evolving email risks.
It is worth noting here that the previous month, Mimecast sent out an alert about a new type of attack that tricks the victims into providing their personal and financial information by impersonating NHS and telling them that they’ve been chosen for early COVID-19 jab.
There have also been cases whereby scammers say they represent a pharmaceutical company involved in manufacturing COVID-19 vaccines. To build trust, the scammers use real companies’ names in their emails and offer the receivers vaccine-related business deals. They often provide additional email addresses for further communication with their potential victims.
In December, the FBI also warned people to be careful when opening emails and text messages from anonymous sources promising to provide information about getting a vaccine. The Financial Crimes Enforcement Network also cautioned about vaccine scams, saying they have noticed that fraudsters are ramping up their vaccine-related scams.