Share This:

Beware of phishing campaigns that use the COVID-19 vaccination as a hook. In the same way they’ve capitalized on the global pandemic with coronavirus-related phishing attacks, cybercriminals are now trying to leverage the vaccine to steal money and personal information. The FBI issued a warning in December about emerging fraud schemes related to COVID-19 vaccines.

In an analysis conducted between October 2020 and January 2021, Barracuda researchers found that hackers are increasingly using vaccine-related emails in their targeted spear-phishing attacks. After pharmaceutical companies like Pfizer and Moderna announced availability of vaccines in November 2020, the number of vaccine-related spear-phishing attacks increased by 12%. By the end of January, the average number of vaccine-related spear-phishing attacks was up 26% since October.

Here’s a closer look at the latest vaccine-related phishing attacks and solutions to help detect, block, and recover from them.

Highlighted Threat

Vaccine-related phishing — Cybercriminals are taking advantage of the heightened focus on the COVID-19 vaccine to launch spear-phishing attacks. Capitalizing on fear and uncertainty, the attacks using urgency, social engineering, and other common tactics to lure victims.

Barracuda researchers identified two predominant types of spear-phishing attacks using vaccine-related themes: brand impersonation and business email compromise.

The Details

As pharmaceutical companies rushed to develop and test vaccines, hackers rushed to leverage the momentum generated by news coverage in their phishing campaigns. The number of spear-phishing attacks targeting businesses peaked just as the first vaccines were being announced. They leveled off during the holidays (Attacks targeting businesses typically decline substantially during the holiday season).

While most of vaccine-related phishing attacks analyzed by Barracuda researchers were scams, many used more targeted techniques such as brand impersonation and business email compromise.

Brand impersonation

Vaccine-related phishing emails impersonated a well-known brand or organization and included a link to a phishing website advertising early access to vaccines, offering vaccinations in exchange for a payment, or even impersonating health care professionals requesting personal information to check eligibility for a vaccine.

Business email compromise

Attackers use business email compromise (BEC) to impersonate individuals within an organization or their business partners. In recent years, it has been one of the most damaging email threats, costing business over $26 billion dollars. Recently, these highly targeted attacks turned to vaccine-related topics. We’ve seen attacks impersonating employees needing an urgent favor while they are getting a vaccine or an HR specialist advising that the organization has secured vaccines for their employees.

Use of compromised accounts in vaccine-related fraud

Barracuda researchers also have visibility into not only email messages coming from outside of the organizations but also internal communication. As a result, they see a lot of fraudulent messages being sent internally—usually from compromised account.

Cybercriminals use phishing attacks to compromise and takeover business accounts. Once inside, more sophisticated hackers will conduct reconnaissance activity before launching targeted attacks. More often than not, they use these legitimate accounts to send mass phishing and spam campaigns to as many individuals as possible before their activity is detected and they are locked out of an account.

That’s why when looking at these lateral phishing attacks overtime, there are these huge spikes of activity. Interestingly, vaccine-related lateral phishing attacks spike around the same time as major COVID-19 vaccines are announced and approved around the world.

Protecting against vaccine-related phishing

Be skeptical of all vaccine-related emails

Some email scams include offers to get the COVID-19 vaccine early, join a vaccine waiting list, and have the vaccine shipped directly to you. Don’t click on links or open attachments in these emails, as they are typically malicious.

Take advantage of artificial intelligence
Scammers are adapting email tactics to bypass gateways and spam filters, so it’s critical to have a solution that detects and protects against spear-phishing attacks, including brand impersonation, business email compromise, and email account takeover. Deploy purpose-built technology that doesn’t rely solely on looking for malicious links or attachments. Using machine learning to analyze normal communication patterns within your organization allows the solution to spot anomalies that may indicate an attack.

Deploy account-takeover protection
Don’t just focus on external email messages. Some of the most devastating and successful spear-phishing attacks originate from compromised internal accounts. Be sure scammers aren’t using your organization as a base camp to launch these attacks. Deploy technology that uses artificial intelligence to recognize when accounts have been compromised and that remediates in real time by alerting users and removing malicious emails sent from compromised accounts.

Train staffers to recognize and report attacks
Educate your users about spear-phishing attacks. Provide employees with up-to-date user awareness training about vaccine-related phishing, seasonal scams, and other potential threats. Ensure staffers can recognize the latest attacks and know how to report them to IT right away. Use phishing simulation for email, voicemail, and SMS to train users to identify cyberattacks, test the effectiveness of your training, and evaluate the most vulnerable users.

Set up strong internal policies to prevent fraud
All companies should establish and regularly review existing policies, to ensure that personal and financial information is handled properly. Help employees avoid making costly mistakes by creating guidelines and putting procedures in place to confirm all email requests for wire transfers and payment changes. Require in-person or telephone confirmation and/or approval from multiple people for all financial transactions.

Photo: Aedka Studio / Shutterstock

Share This:
Fleming Shi

Posted by Fleming Shi

Fleming Shi is Chief Technology Officer at Barracuda, where he leads the company’s threat research and innovation engineering teams in building future technology platforms. He has more than 20 patents granted or pending in network and content security.

One Comment

Leave a reply

Your email address will not be published. Required fields are marked *