The Growing Threat of #COVID19 Vaccine Phishing Scams

The recent approval of COVID-19 vaccines across the world finally offers a path out of the crisis, and the potential for some kind of normality to return over the coming months.

Sadly, however, this latest development in the pandemic story has already been seized upon by fraudsters to launch a number of scams. This shouldn’t come as any surprise, with techniques such as phishing extensively used by cyber-criminals throughout the crisis to target victims. For instance, at the start of the pandemic, it was found that phishing emails went up by 667% in a month, and this tactic has persisted ever since.  

COVID-19 has undoubtedly provided the perfect lures for phishing scams to be launched, be it via email, SMS or social media, as people are understandably in a heightened state of anxiety about the health and financial impact on their lives, and therefore more vulnerable to being duped by offers of help and solutions. This has occurred both in relation to the health aspects of the crisis, such as bogus offers of personal protective equipment (PPE) and testing kits, and the various economic support measures governments have brought in to help businesses and individuals unable to work during lockdown restrictions. These are often highly sophisticated and realistic, generally linking victims to fake websites that ask them to provide personal details, such as banking information.

We are now starting to see similar types of scams emerge to take advantage of the latest stage of the crisis; vaccines. This week, Pauline Smith, head of Action Fraud, the UK’s national reporting center for fraud and cybercrime, warned that although reports have been relatively low so far, “we have seen an increase in the last two months, particularly around scam text messages.”

As vaccine programs begin in many countries at the start of 2021, it appears fraudsters are ramping up their targeting of this sensitive issue . This is especially worrisome given that those first in line for vaccines, the very elderly, are among the groups most likely to duped. In the UK, where individuals aged 80 and older are currently awaiting contact from the National Health Service (NHS) about when they are eligible for the jab, numerous examples have been highlighted by authorities. In late December, an NHS body said it was aware of a scam whereby people are asked to press a number on their keypad or send a text to confirm they wish to receive the vaccine, which may result in a charge being applied to their phone bill.

Police forces in the UK also this week outlined details of a text message scam telling recipients they are “eligible to apply for your vaccine.” This links victims to a fake NHS website in which they are asked to provide personal information and bank details “for verification.”

“Fraudsters have been quick to capitalize on the vaccine rollout”

Commenting on this story, Jeremy Hendy, CEO of Skurio, said: “Fraudsters have been quick to capitalize on the vaccine rollout and this latest scam highlights the need for individuals to stay ultra-vigilant to avoid giving criminals a free pass to their most valuable data. A well-crafted message can look utterly convincing: users must be educated in what to look out for, they need to be suspicious of every text or email and must stay alert for anything which could be a scam. Always err on the side of caution, especially if any communications that appear to be genuine and from a credible source are asking for bank details, passwords, money transfers or other critical information.” 

It is therefore critical that, amid the obvious desire for a rapid rollout of vaccines across the population, care is taken to keep members of the public informed about the likely surge in phishing attacks linked to this subject. This is especially the case for the elderly population who, in the UK, lost £2.4m in just four months to COVID-19-related fraud in the UK, according to the charity Age UK.

People need to be clearly informed that any requests for financial information relating to the vaccine might be a scam as well as general advice such as double checking the source and content of any message. In relation to the UK, Smith of Action Fraud commented: “Remember, the vaccine is only available on the NHS and is free of charge. The NHS will never ask you for details about your bank account or to pay for the vaccine. If you receive an email, text message or phone call purporting to be from the NHS and you are asked to provide financial details, this is a scam.”

In addition to authorities actively highlighting the threats out there, Hendy outlined his belief that there should be a single source of information regarding the rollout of vaccines. “The rise in COVID-related fraud highlights the need for a more centralized system for sharing information. This would undoubtedly help those that are concerned and who could be more vulnerable to such attacks,” he stated.

Understandably, all the attention of the vaccine rollout has so far focused on its speed, as countries the world over look to get back to normal as soon as possible. However, the opportunities for fraud that such programs offer to bad actors have so far only received limited coverage, and people, especially the elderly, are vulnerable to being duped by scams. This now needs to be a focus for authorities alongside the distribution of vaccines.

What’s Hot on Infosecurity Magazine?