Phishing campaigns that use the COVID-19 vaccination as bait are becoming more popular in recent months. In the same way that a year ago threat actors capitalized on the start of the global pandemic with coronavirus-related phishing attacks, cybercriminals are now trying to leverage the vaccine to steal money, credentials, and personal information. The FBI issued a warning in December about emerging fraud schemes related to COVID-19 vaccines.
Researchers at our email security vendor, Barracuda, conducted an analysis of emails between October 2020 and January 2021, and found that hackers are increasingly using vaccine-related emails in their targeted spear-phishing attacks. After pharmaceutical companies like Pfizer and Moderna announced the availability of vaccines in November 2020, the number of vaccine-related spear-phishing attacks increased by 12%. By the end of January, the average number of vaccine-related spear-phishing attacks was up 26% since October.
The primary weapon of choice for attackers is Spear-Phishing Emails, capitalizing on fear and uncertainty, the attacks using urgency, social engineering, and other common tactics to lure victims. Two predominant types of spear-phishing attacks using vaccine-related themes have been identified: brand impersonation and business email compromise.
Vaccine-related phishing emails impersonated a well-known brand or organization and included a link to a phishing website advertising early access to vaccines, offering vaccinations in exchange for a payment, or even impersonating health care professionals requesting personal information to check eligibility for a vaccine.
Business Email Compromise, or BEC, is a common attack technique. In this method, attackers impersonate individuals within an organization. Recently, these highly-targeted attacks turned to vaccine-related topics. Examples include impersonating employees needing an urgent favor while they are getting a vaccine or an HR specialist advising that the organization has secured vaccines for their employees.
If you have any concerns about your email security, please contact Partek for a zero-commitment audit on your IT infrastructure.