Joerg Habermeier - stock.adobe.c

Coronavirus: Phishing lures pivot to exploit vaccine hopes

Phishing emails are increasingly luring in victims with subject lines relating to the development of a vaccine for Covid-19

Phishing emails have outpaced web-based phishing by a factor of four to one as the delivery mechanism of choice for malicious files such as malware and ransomware packages in the past 30 days, as cyber criminals seize on people’s hopes that a vaccine against Covid-19 may be on the horizon.

On the day that the Russian authorities gave their approval to what they claim is the world’s first effective Covid-19 vaccine, a new Check Point report has revealed that the possibility of a vaccine is too tempting a lure for malicious actors to pass up.

The security firm said the number of phishing emails incorporating deceptive vaccine-related subject lines was up, and the number of vaccine-related domains had doubled in June and July, with one in every 25 malicious Covid-19-related websites’ landing pages now being vaccine-related.

Check Point data manager Omer Dembinsky said that exploiting Covid-19 vaccines to deceive their victims was now a clear trend adopted by cyber criminals. “Most of the campaigns involve a person’s inbox, which is concerning,” he said.

“Over 80% of attacks against organisations start from a malicious email and email is the first link in a chain of attacks. Since email attacks usually involve the human factor, employees’ email inboxes are an organisation’s weakest link.

“Closing this security gap requires protections against various threat vectors: phishing, malware, data theft and account takeover. I strongly urge everyone to closely read the subject lines of emails coming in. If it has the word vaccine in it, think twice. Chances are that you are on the threshold of being tricked into giving up your most sensitive, most private information.”

Check Point said it had found numerous examples of vaccine-related phishing, with subject lines including “Urgent confirmation letter: Covid-19 new approved vaccines” and “UK coronavirus vaccine effort is progressing badly appropriate, recruiting consequence and elder adults”. These specific campaigns incorporated an .exe file which, when clicked, installed information-stealing malware on the victim device, and a redirection to a medical phishing website posing as a legitimate pharmacy chain located in Canada.

Read more about phishing

  • Researchers have observed an increase in phishing as a means to deliver ransomware payloads – and organisations don’t appear to be prepared.
  • The NCSC has racked up a million suspicious email reports from the public just two months after launching a reporting service, but the lucky sender won’t be receiving a grand prize.
  • The alleged mastermind behind the Twitter breach has been arrested, and the method of social engineering attack has also been revealed: phone phishing, or vishing.

Protecting yourself from phishing attacks is, as ever, a relatively simple matter. Users should be encouraged to: check senders’ email addresses and be alert to misspellings of brand or domain names; never supply login credentials or personal information in response to an email; use two-factor authentication to verify changes made to accounts; verify irreversible transactions, such as money transfers, via a means other than email; monitor financial accounts; and keep software and systems up to date.

CISOs, meanwhile, should be investing in email protection services and end-user education.

More widely, although the total cyber attack volume remains at an all-time high, the number of Covid-19-related attacks has seen a significant drop in July, down by over 50% compared to June, when Check Point last reported on the impact of Covid-19 on cyber security.

However, this is no reason for complacency – earlier in August, Interpol warned that a second wave of Covid-19 cyber attacks was almost inevitable, especially as the world inches closer to a safe and usable vaccine.

Content Continues Below

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close