#COVID19 Vaccine Phishing Scams Surge 26% in Three Months

Written by

Vaccine-related phishing and Business Email Compromise (BEC) attempts jumped 26% in a recent three-month period, as scammers ramped up their efforts against organizations, according Barracuda Networks.

The security vendor’s Threat Spotlight, analyzed phishing emails between October 2020 and January 2021.

It revealed that, while the volume of vaccine-related spear-phishing attacks increased by 12% following announcements from Pfizer and Moderna in November 2020, this figure had more than doubled by the end of January 2021, after successful rollouts of the jab.

This clearly shows the extent to which cyber-criminals tweak their campaigns to coincide with real-world news events and public awareness.

Unlike some vendors, Barracuda Networks tracks BEC as a type of spear-phishing. It said this and brand impersonation were the most common types of vaccine-related phishing attempts it spotted.

In terms of brand impersonation, phishers may link to a phishing website advertising early access to vaccines, offering vaccinations in exchange for payment, or impersonating health care professionals requesting personal information to check eligibility for a jab, the vendor claimed.

Barracuda Networks also spotted BEC scams attempting to trick recipients into making fund transfers. Two ways of doing so are by impersonating employees requesting an urgent favor while they are getting a vaccine, or HR managers requesting money for a batch of non-existent vaccines secured for employees.

The security firm’s CTO, Fleming Shi, urged all employees to be skeptical of any such emails.

“Scammers are also adapting email tactics to bypass gateways and spam filters, so it’s critical to have a purpose-built solution that uses machine learning to analyse normal communication patterns within your organization, so that it can also spot anomalies that may indicate an attack, or if an internal email has been compromised,” he added.

“Finally, establishing strong internal policies and training staffers on how to recognize and report all attacks, not just those pertaining to the vaccine, will be the most effective method to bolstering defenses against the ever-evolving email threat.”

Last month, Mimecast warned of a new campaign designed to trick individuals into handing over personal and financial details by claiming they had been selected by the NHS for early vaccination.

What’s hot on Infosecurity Magazine?