The COVID-19 Vaccine is Here. And So Are the Phishing Scams

vaccine phishing scam image

Written by Jackie Bilodeau

I am the Communications Director for CGNET, having returned to CGNET in 2018 after a 10-year stint in the 1990's. I enjoy hiking, music, dance, photography, writing and travel. Read more about my work at CGNET here.

December 16, 2020

It was pretty predictable: With all of the hoopla around the COVID-19 vaccine, there would most certainly be the associated COVID-19 scams and phishing campaigns.   Sure enough, right alongside the news of the rollout of the vaccine come early reports of vaccine-themed phishing emails.


Something seems phishy here…


The first message just reported to our partner KnowBe4 uses a social engineering scheme the security pros had actually predicted:


vaccine phishing message


The email plays off recent reports that Pfizer may have a vaccine shortage within the United States:  They may not be able to supply enough vaccines to accommodate everyone until sometime in the second quarter of 2021. True to form, the link in the scam message takes users to a login page where they enter their credentials:


vaccine phishing message 2


Playing off our uncertainty


The scheme in the phishing email applies social engineering in its most basic form. The bad guys exploit some of the basic questions and concerns (and in many cases, fears) that many have about the vaccines as governments begin distribution:

  • How soon will a vaccine be available?
  • Will it be safe?
  • How can I get it?
  • When can I get it?
  • How much will it cost?
  • Should I get it?

Awareness is key


Users’ uncertainty at this time coupled with a thirst for information can prove dangerous if they don’t know what threats to look out for.   We already know that malicious players took advantage worldwide as Coronavirus was first spreading across the globe.  As one of the security experts at KnowBe4 put it, “It was and still is the perfect tool for social engineering scared, confused, and even downright paranoid end users into opening the door to your organization’s network.”

So now that an expected round of vaccine-themed phishing emails may begin landing in your employees’ inboxes, it is time to get them up to speed with the threat.  And it certainly couldn’t hurt to give them a refresher of the telltale signs of phishing messages in general.   For that, I suggest you take a look (and share!) information from a couple of CGNET’s past articles on the subject. The posts Remember Some Basic Phishing Protections and Anatomy of a Phishing Message by Dan Callahan are particularly useful. 

Stay vigilant — protect both your health and the security of your organization!

You May Also Like…

You May Also Like…



  1. HR-related Phishing Scams Are on the Rise: Stay Alert! - CGNET - […] scams related to COVID-19 were everywhere last year. Fortunately, those have dropped off significantly in 2021. This is most…
Translate »
Share This