In December, the FBI warned businesses and individuals about cybersecurity threats involving COVID-19 vaccine phishing scams. Cyberattacks have risen over the past year, as cybercriminals have taken advantage of vulnerabilities related to the pandemic. The latest scams prey on people’s desire and desperation to get a COVID-19 vaccination.
So, it’s important that your employees are aware of these COVID-19 scams and how to avoid them. Otherwise, they may accidentally take an action that puts your business’ IT network at risk.
Forms of Fraudulent Activity
A few of the many types of COVID-19 vaccine phishing scams include:
- Advertisements or offers for early access to a vaccine upon payment of a deposit or fee
- Marketers offering to sell and/or ship doses of a vaccine, domestically or internationally, in exchange for payment of a deposit or fee
- Unsolicited emails from someone claiming to be from a medical office, insurance company, or COVID-19 vaccine center requesting personal and/or medical information to determine recipients’ eligibility to participate in clinical vaccine trials or obtain the vaccine
Cybercriminals use the above and other COVID-19 vaccine phishing scams to obtain payment or sensitive information, or to install malicious software (malware) on a device or IT network.
Standard email phishing is the fraudulent practice of sending emails that appear to be from a trusted sender in order to get people to reveal confidential information or take an action. This might include the victim unwittingly transferring money to a criminal’s bank account, thinking they are buying something legitimate. Criminals are developing COVID-19 vaccine-related websites, emails and advertisements that trick victims because they look legitimate.
Malware phishing uses the same techniques as email phishing, but the attack encourages targets to click a link or download an attachment so that malware can be installed on the device or network. This could include viruses, ransomware and spyware. Malware phishing poses a huge risk to businesses, as malware can result in the extraction of sensitive data, theft, or destruction of the network infrastructure.
How to Protect Your Business from COVID-19 Phishing Scams
As you probably noticed after reading the above, in order for these COVID-19 vaccine phishing scams to be successful, the target must take action. For example, ransomware does not just show up on a computer. The victim would have to initiate a download of malicious software, such as by clicking on a link in a fraudulent email.
The good news is that the better trained employees are on these risks and how to spot scams, the less vulnerable your business is to cyberattacks. Here are a few things employees should look for:
- Before clicking a link, opening a file or making a payment, pause to ask if it makes sense. If you know your county is the only source for COVID-19 vaccinations and you get an email from another organization offering vaccines, that should raise a red flag. Don’t open the email, click on any links or open any attachments.
- Check the spelling of the sender’s email address. For example, an email may appear to be from Hillsborough County. Click on the email address and see whether the domain name is spelled differently than the county’s official website. If it is, it’s likely a COVID-19 vaccine phishing
- If you receive a suspicious email, contact your IT department – only forward them the email if they ask you to. Then delete the email permanently from your Inbox and Deleted items.
- See other tips from the FBI
In addition, a multi-layered approach to cybersecurity will help protect your business from COVID-19 vaccine phishing scams. Spam filters can help prevent email phishing by catching some attempts. Firewalls, anti-virus, anti-malware, advanced threat detection and advanced threat prevention solutions are a few other best practices for business cybersecurity.
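The sender-domain spelling check described in the list above can also be automated in a mail filter or triage script. The following Python is an added example, not part of the original article; `county.example`, the sample headers in the comments, and the two-character typo threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: registrable domains your organization really gets vaccine notices from.
# "county.example" is a constructed placeholder, not a real county domain.
TRUSTED_DOMAINS = {"county.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header: str) -> str:
    """Domain of the actual address; the display name is ignored on purpose."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_typos: int = 2) -> str:
    domain = sender_domain(from_header)
    if not domain:
        return "suspicious: no sender address"
    # Exact match or a subdomain of a trusted domain (mail.county.example).
    if any(domain == g or domain.endswith("." + g) for g in trusted):
        return "trusted"
    # Punycode or raw non-ASCII labels can hide look-alike characters.
    if not domain.isascii() or any(l.startswith("xn--") for l in domain.split(".")):
        return "suspicious: non-ASCII domain"
    for good in trusted:
        # Misspelling, e.g. countv.example for county.example.
        if edit_distance(domain, good) <= max_typos:
            return f"suspicious: looks like {good}"
        # Trusted name embedded in another domain, e.g. county.example.signup.test.
        if good.split(".")[0] in domain:
            return f"suspicious: imitates {good}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample headers.
    for hdr in ("County Vaccine Center <vaccines@county.example>",
                "County Vaccine Center <vaccines@countv.example>",
                "Vaccines <info@county.example.signup.test>"):
        print(f"{hdr!r:60} -> {classify_sender(hdr)}")
```

A result of "unknown" only means the domain is not on the trusted list and does not resemble it; such messages still go through the normal reporting process.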