It was pretty predictable: With all of the hoopla around the COVID-19 vaccine, there would most certainly be the associated COVID-19 scams and phishing campaigns. Sure enough, right alongside the news of the rollout of the vaccine come early reports of vaccine-themed phishing emails.
Something seems phishy here…
The first message just reported to our partner KnowBe4 uses a social engineering scheme the security pros had actually predicted:
The email plays off recent reports that Pfizer may have a vaccine shortage within the United States: They may not be able to supply enough vaccines to accommodate everyone until sometime in the second quarter of 2021. True to form, the link in the scam message takes users to a login page that prompts them to enter their credentials.
Playing off our uncertainty
The scheme in the phishing email applies social engineering in its most basic form. The bad guys exploit some of the basic questions and concerns (and in many cases, fears) that many have about the vaccines as governments begin distribution:
- How soon will a vaccine be available?
- Will it be safe?
- How can I get it?
- When can I get it?
- How much will it cost?
- Should I get it?
Awareness is key
Users’ uncertainty at this time, coupled with a thirst for information, can prove dangerous if they don’t know what threats to look out for. We already know that malicious players took advantage worldwide as the coronavirus was first spreading across the globe. As one of the security experts at KnowBe4 put it, “It was and still is the perfect tool for social engineering scared, confused, and even downright paranoid end users into opening the door to your organization’s network.”
So now that an expected round of vaccine-themed phishing emails may begin landing in your employees’ inboxes, it is time to get them up to speed with the threat. And it certainly couldn’t hurt to give them a refresher on the telltale signs of phishing messages in general. For that, I suggest you take a look at (and share!) information from a couple of CGNET’s past articles on the subject. The posts Remember Some Basic Phishing Protections and Anatomy of a Phishing Message by Dan Callahan are particularly useful.
Stay vigilant — protect both your health and the security of your organization!