
Vaccine phishing attacks surge as the rollout gathers pace


It appears that cybercriminals have been paying close attention to the news, with the number of Covid-19 vaccine-related spear-phishing attacks surging every time there’s an important announcement or breakthrough.

This is according to a new report from cybersecurity firm Barracuda, which analyzes the number of vaccine-related phishing attacks between October 2020 and January 2021, during which period the first vaccines were announced and the rollout began.

The report states that the number of these attacks rose 12 percent immediately after the Pfizer and Moderna vaccines were announced in November 2020. Further, by the end of January 2021, as the vaccine rollout gathered pace, the average number of related spear-phishing attacks grew by more than a quarter (26 percent) compared to October.

The two main types of spear-phishing attacks used by criminals were brand impersonation and business email compromise (BEC), Barracuda added.

Cybercriminals often impersonated organizations such as the UN, WHO, the NHS and other similar entities, offering early access to vaccines. In some cases, they even pretended to be healthcare professionals and asked for personal information to “check eligibility for a vaccine”.

When it comes to BEC attacks, criminals often tried to impersonate people's colleagues, claiming they needed an urgent favor linked with receiving a vaccine. In other cases, they pretended to be an HR specialist informing employees that the organization has secured vaccines for staff.

“Combatting this growing threat first requires individuals and employees to be skeptical of all vaccine-related emails, especially those offering early access to the vaccine, to join a waiting list, or have the vaccine shipped directly to you – as a precaution you should never click on links or open attachments in these emails,” said Fleming Shi, CTO at Barracuda Networks.

“Scammers are also adapting email tactics to bypass gateways and spam filters, so it’s critical to have a purpose-built solution that uses machine learning to analyze normal communication patterns within your organization, so that it can also spot anomalies that may indicate an attack, or if an internal email has been compromised.

“Finally, establishing strong internal policies and training staffers on how to recognise and report all attacks, not just those pertaining to the vaccine, will be the most effective method to bolstering defences against the ever-evolving email attack threat facing you.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.