It appears that cybercriminals have been paying close attention to the news, with the number of Covid-19 vaccine-related spear-phishing attacks surging every time there’s an important announcement or breakthrough.
This is according to a new report from cybersecurity firm Barracuda, which analyzes the number of vaccine-related phishing attacks between October 2020 and January 2021, during which period the first vaccines were announced and the rollout began.
The report states that the number of these attacks rose 12 percent immediately after the Pfizer and Moderna vaccines were announced in November 2020. Further, by the end of January 2021, as the vaccine rollout gathered pace, the average number of related spear-phishing attacks grew by more than a quarter (26 percent) compared to October.
The two main types of spear-phishing attacks used by criminals were brand impersonation and business email compromise (BEC), Barracuda added.
Cybercriminals often impersonated organizations such as the UN, WHO, the NHS and other similar entities, offering early access to vaccines. In some cases, they even pretended to be healthcare professionals and asked for personal information to “check eligibility for a vaccine”.
When it comes to BEC attacks, criminals often tried to impersonate people’s colleagues, claiming they needed an urgent favor linked with receiving a vaccine. In other cases, they pretended to be an HR specialist informing employees that the organization has secured vaccines for staff.
“Combatting this growing threat first requires individuals and employees to be skeptical of all vaccine-related emails, especially those offering early access to the vaccine, to join a waiting list, or have the vaccine shipped directly to you – as a precaution you should never click on links or open attachments in these emails,” said Fleming Shi, CTO at Barracuda Networks.
“Scammers are also adapting email tactics to bypass gateways and spam filters, so it’s critical to have a purpose-built solution that uses machine learning to analyze normal communication patterns within your organization, so that it can also spot anomalies that may indicate an attack, or if an internal email has been compromised.
“Finally, establishing strong internal policies and training staffers on how to recognise and report all attacks, not just those pertaining to the vaccine, will be the most effective method to bolstering defences against the ever-evolving email attack threat facing you.”