Just as the coronavirus was deemed a national crisis, the number of phishing campaigns and related domains tied to the pandemic drastically spiked. By late May 2020, a large number of these phishing attacks died off, but new reports from various cybersecurity platforms and researchers show that threat actors are continuing to prey on fears surrounding the COVID-19 pandemic and attacks have surged in the past few months.
Most of these lures, said the firm, were attempting to steal users’ “business credentials”. For example, a phishing site set up in late 2020 posed as a corporate presence for BioNTech and Pfizer, the vaccine makers, asking users to log in with Office 365 credentials in order to register for vaccination.
In addition, the Department of Justice has warned of a “new wave of COVID-19 scams” amid the ongoing second round of stimulus payments being delivered to Americans.
In a statement last month, the department said: “In the last several months, IRS-CI [Internal Revenue Service Criminal Investigation] has seen a variety of Economic Impact Payment (EIP) [stimulus payment] scams and other financial schemes designed to steal money and personal information from taxpayers.”
COVID Vaccine Phishing Examples
Vaccine-related phishing attacks take many forms, but a few examples can be seen below:
How to Avoid Being Phished
As always, you should practice good phishing prevention skills by looking for red flags in any email you receive, including COVID-related emails.
These include emails with suspicious links or attachments, plus:
- Messages or phone calls with an urgent tone – They ask you to reveal your account password or other confidential information and hope you won’t stop to think about it.
- An unofficial or unusual “From” address – This is a sender’s email address that is similar to, but not the same as, an official company email address.
- A message marked with “Urgent action required” – Phishing often includes urgent “calls to action” to try to get you to react immediately.
- A generic greeting – Fraudsters who send thousands of phishing emails at one time may have your email address, but they will not always have your name.
- A link to a fake website – Phishing emails usually include a link to a fraudulent website that is formatted to look similar to the sign-in page of a legitimate website.
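For mail administrators, the red flags above can be turned into an automated triage check. The following is an added example, not part of the original article: the allow-list, the similarity threshold, the keyword patterns and the sample message are all assumptions constructed for illustration, and it handles single-part messages only.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the organisation legitimately receives mail from.
TRUSTED = {"example.com", "example.org"}
URGENT = re.compile(r"urgent|immediately|action required|within 24 hours", re.I)
GENERIC = re.compile(r"^\s*(dear|hello)\s+(customer|user|member|taxpayer)", re.I | re.M)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN_HOST = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def lookalike(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in TRUSTED:
        return None
    for good in TRUSTED:
        if SequenceMatcher(None, domain, good).ratio() >= 0.8:
            return good
    return None

def red_flags(raw):
    """List the red flags found in one raw, single-part e-mail."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    if URGENT.search(msg.get("Subject", "")) or URGENT.search(body):
        flags.append("urgent tone")
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    good = lookalike(domain)
    if good:
        flags.append(f"From domain {domain} resembles {good}")
    if GENERIC.search(body):
        flags.append("generic greeting")
    for href, text in ANCHOR.findall(body):  # visible link text vs. real target
        shown = SHOWN_HOST.search(text)
        real = (urlparse(href).hostname or "").lower()
        if shown and shown.group(1).lower() != real:
            flags.append(f"link shows {shown.group(1)} but opens {real}")
    return flags

# Constructed sample message, not a real phishing e-mail.
SAMPLE = """\
From: Vaccine Registration <noreply@examp1e.com>
Subject: Urgent action required: confirm your vaccination slot

Dear customer,
Sign in at <a href="http://login.example.net/o365">https://www.example.com/register</a> today.
"""
```

A message that trips several flags at once is a good candidate for quarantine or a warning banner; a single flag on its own will produce false positives.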
How to Avoid COVID Scams
In today’s world, misinformation and scams are everywhere. Ensure you only utilize official sources and websites to keep yourself informed.
Stay vigilant!