Warning over new surge in vaccine-related email scams
As the global Covid-19 vaccine rollout continues, researchers at Barracuda Networks have revealed a sharp rise in vaccine-associated phishing attacks
Covid-19 vaccine-related email scams are on the rise, according to new data from Barracuda Networks. The findings, which were contained in Barracuda’s most recent Threat Spotlight, analysed phishing emails between October 2020 and January 2021. Interestingly, the number of vaccine-related spear-phishing attacks increased by 12 per cent immediately following vaccine availability announcements from Pfizer and Moderna in November 2020.
However, by the end of January 2021, following the continued successful rollout of the vaccine, the average number of vaccine-related spear-phishing attacks was up 26 per cent since October. In the time frame analysed, Barracuda observed spikes in vaccine-related phishing activity centred around new updates, announcements and ground-breaking approvals from around the world. Researchers concluded that this is due to mass phishing campaigns timed to spikes in public interest in the vaccine, as perpetrators try to improve the effectiveness of their attacks.
Barracuda researchers identified two predominant types of spear-phishing attacks using vaccine-related themes: brand impersonation and business email compromise.
The former is a form of email attack that impersonates a well-known brand or organisation and includes a link to a phishing website advertising early access to vaccines, offering vaccinations in exchange for a payment, or even impersonating health care professionals requesting personal information to check eligibility for a vaccine.
Business Email Compromise (BEC) attacks are instead used to impersonate individuals within an organisation or their business partners. Barracuda observed that recently these highly targeted attacks turned to vaccine-related topics. Common examples include impersonating employees needing an urgent favour while they are getting a vaccine or an HR specialist advising that the organisation has secured vaccines for their employees.
Fleming Shi, CTO for Barracuda Networks, said, “Combatting this growing threat first requires individuals and employees to be sceptical of all vaccine-related emails, especially those offering early access to the vaccine, to join a waiting list, or have the vaccine shipped directly to you – as a precaution you should never click on links or open attachments in these emails.
“Scammers are also adapting email tactics to bypass gateways and spam filters, so it’s critical to have a purpose-built solution that uses machine learning to analyse normal communication patterns within your organisation, so that it can also spot anomalies that may indicate an attack, or if an internal email has been compromised.
“Finally, establishing strong internal policies and training staffers on how to recognise and report all attacks, not just those pertaining to the vaccine, will be the most effective method to bolstering defences against the ever-evolving email attack threat facing you,” added Shi.