Cybercriminals are leveraging interest in COVID-19 vaccination programs and are conducting a range of COVID-19 vaccine phishing scams with the goal of obtaining sensitive data such as login credentials or to distribute malware. Several government agencies in the United States have recently issued warnings to businesses and consumers about the scams including the Department of Health and Human Services’ Office of Inspector General and the Centers for Medicare and Medicaid Services, and law enforcement agencies such as the FBI.
COVID-19 vaccine scams can take many forms. Campaigns have already been detected that offer early access to COVID-19 vaccines. These scams require a payment to be made as a deposit or a fee to get to the top of the waiting list. Other scams offer the recipients a place on the waiting list if they apply and provide personal information.
COVID-19 vaccine phishing scams are being conducted via email; however, it is likely that fraudsters will advertise on websites, social media channels, or conduct scams over the telephone or via SMS messages and instant messaging platforms. While many of these scams target consumers, there is potential for businesses to be affected if employees access their personal emails at work or if the scam emails are sent to work email addresses.
Scam emails often include links to websites where information is harvested. These links may be hidden in email attachments to hide them from email security solutions. Office documents are also commonly used for delivering malware, via malicious macros.
The emails typically impersonate trusted entities or individuals. COVID-19 vaccine scam emails are likely to impersonate healthcare providers, health insurance companies, vaccine centers, and federal, state, or local public health authorities. During the pandemic there have been many cases of fraudsters impersonating the U.S. Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO) in Covid-19 related phishing scams.
The U.S. Department of Justice recently announced that two domains have been seized that impersonated vaccine developers. The domains were virtual carbon copies of the legitimate websites of two biotechnology companies involved in vaccine development. The malicious content has been removed, but there are likely to be many more domains registered and used in COVID-19 vaccine phishing scams over the coming weeks.
Warnings have also been issued about the risk of ransomware attacks that take advantage of interest in COVID-19 vaccines and provide the attackers with the foothold in networks they need to conduct their attacks.
There are four important steps that businesses can take to reduce to risk of falling victim to these scams. Since email is extensively used, it is essential to have an effective spam filtering solution in place. Spam filters use blacklists of malicious email and IP addresses to block malicious emails, but since new IP addresses are constantly being used in these scams, it is important to choose a solution that incorporates machine learning. Machine learning helps to identify phishing threats from IP addresses that have not previously been used for malicious purposes and to identify and block zero-day phishing threats. Sandboxing is also important for identifying and blocking zero-day malware threats that have yet to have their signatures incorporated into the virus definition lists of antivirus engines.
While spam filters can identify and block emails that contain malicious links, a web filtering solution is also recommended. Web filters are used to control the websites that employees can access and prevent visits to malicious websites through general web browsing, redirects, and clicks on malicious links in emails. Web filters are constantly updated via threat intelligence feeds to provide protection against recently discovered malicious URLs.
Businesses should not neglect end user training and should regularly provide refresher training to employees to help them identify phishing threats and malicious emails. Phishing simulation exercises are also beneficial for evaluating the effectiveness of security awareness training.
Multi-factor authentication should also be applied as a last line of defense. In the event of credentials being compromised, multi-factor authentication will help to ensure that stolen credentials cannot be used to remotely access accounts.
With these measures implemented, businesses will be well protected from malware, COVID-19 vaccine phishing scams, and other phishing threats.
For further information on spam filtering, web filtering, and protecting your business from malware and phishing attacks, give the TitanHQ team a call today.