Protecting Against Vaccine-Themed Attacks and Misinformation

COVID-19 Vaccine Scam and Misinformation

Just before Christmas, the British Government became the first to approve a COVID-19 vaccine. Since that announcement, not only have several other vaccines been regulated for use, but the worldwide rollout is gaining momentum, with other countries approving and accelerating mass vaccination programs.

Now that we can see a proactive rollout of the vaccine, hope has sparked amongst frontline workers, at-risk individuals and members of the public. Once again, it will become possible to see loved ones, travel, or even do simple things like pop out for coffee with friends. We can see the world beginning a journey toward the new normal.

However, the numerous steps involved in distribution and the heightened urgency around the vaccination program have also presented a target for bad actors, who see the rollout as an opportunity to make money. They recognize that people can be so excited about future possibilities that their mental cybersecurity checks could be overwhelmed.

Over the coming weeks, we must be vigilant as there will be a glut of activity and misinformation from cybercriminals wanting to disrupt the rollout or part people from their hard-earned money. With everything moving so fast, now is not the time to adopt new technology, or consider different ways of thinking, to stay ahead of these threats. Now is the time to simply consider a few tips that may prevent over-excitement and help us stay alert to potential threats. 

Advice for Businesses

The growth of ransomware is the most expansive threat to businesses, with incidents taking advantage of COVID messaging. That is why it’s increasingly important to keep an eye on what’s happening in the supply chain, as the damage caused by the recent attack on SolarWinds demonstrated. Here are a few helpful tips to keep in mind to help ward off supply chain attacks:

• Keep up education and awareness for staff. Many were totally unprepared for remote working, so continued emphasis remains important.

• Watch over data and monitor usage closely. Who is accessing what data, from where, when, and using what device? If it’s not already in use, this is the time to enable multi-factor authentication tools and ensure that clear access policies are communicated to staff.

• Keep technology up-to-date. Many organizations rolled out advanced threat tools in response to attacks launched at the start of the pandemic – now is an excellent time to review achievements and make sure that policies and training are up-to-date. Oh, and patch, patch, patch; whatever has been deployed must be kept up-to-date!

Advice for Individuals 

Whilst it’s good to have confidence in a business to keep our information safe, attackers will take advantage of any individual where there’s an opportunity. Most attacks have simply been adapted to take advantage of everyone wanting to be vaccinated as soon as possible.

A few approaches we can all look out for include:

• Phishing – sending fake emails. Not every country has approved every vaccine (in some cases none to date), and where there are programs in place, the distribution will be limited to ensure that those most at risk receive protection first. If you receive an email offering the vaccine as a ‘private’ option, delete it as a potentially dangerous fake. Always check the sender and the links of seemingly official emails.

• Smishing – sending fake text messages. Text messages offering the vaccine are clearly fake, but some offer the chance to make an appointment and are, in fact, harvesting personal data to resell. These can be harder to spot, but remember that an official text will never request bank account details, copies of personal documents or highly confidential information.

• Fake websites used to steal personal data. There have been thousands of sites spun up to offer vaccine services, but you can avoid being scammed by checking that the domain is valid. Official sites will use an exact domain name ending in a government suffix, for example, https://www.cdc.gov/vaccines/covid-19/index.html/. If the website name seems unusual – perhaps a mix of numbers and letters, or unreadable – then avoid it.

• Queue-jumping opportunities. At this stage, the Coronavirus vaccine is typically provided at no direct cost to individuals, either through government or centrally funded programs or through insurance cover. If you receive an email, SMS, telephone call or even a knock at the door offering the chance to pay for a vaccination, turn it away. At best, you will be parted from cash; at worst, there have been cases of people paying for fake injections to be administered.
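The domain check from the fake-websites item above can be automated, for example in a mail or web filter. The following is an added example, not part of the original article: it accepts a link only when the parsed hostname ends in an official suffix compared label by label, which rejects the usual look-alike tricks. The suffix list, the HTTPS requirement and the function names are assumptions for illustration, and every sample URL except the cdc.gov one is constructed.

```python
from urllib.parse import urlsplit

# Assumption: suffixes this reader treats as official. Extend per country.
OFFICIAL_SUFFIXES = ("gov", "gov.uk")

def official_host(url, suffixes=OFFICIAL_SUFFIXES):
    """Return the hostname if it sits under an official suffix, else None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    # Added assumption: only HTTPS links are accepted.
    if parts.scheme != "https" or not parts.hostname:
        return None
    # .hostname drops any "user@" prefix and the port, and lowercases.
    host = parts.hostname.rstrip(".")
    labels = host.split(".")
    # Empty, non-ASCII or punycode labels can hide look-alike characters.
    if not all(labels) or not host.isascii():
        return None
    if any(label.startswith("xn--") for label in labels):
        return None
    for suffix in suffixes:
        tail = suffix.split(".")
        # Compare whole labels from the right, so "cdc.gov.example" and
        # "cdc-gov.example" do not pass as ".gov".
        if len(labels) > len(tail) and labels[-len(tail):] == tail:
            return host
    return None

def triage(urls):
    """Map each URL to 'official' or 'suspicious'."""
    return {u: "official" if official_host(u) else "suspicious" for u in urls}

# The first URL is the article's example; the rest are constructed samples.
SAMPLES = [
    "https://www.cdc.gov/vaccines/covid-19/index.html/",
    "https://www.cdc.gov.vaccine-signup.example/book",   # official name as subdomain
    "https://www.cdc.gov@vaccine-signup.example/book",   # official name as userinfo
    "https://cdc-gov.example/vaccines",                  # hyphen instead of dot
    "https://www.cd\u0441.gov/vaccines",                 # Cyrillic "es" for "c"
    "http://www.cdc.gov/vaccines",                       # not HTTPS
]

if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {url!r}")
```

A pass here only means the hostname sits under a listed suffix; it says nothing about whether the message carrying the link is genuine.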

Over the coming months, we will see more and more countries coming online to provide a vaccination program using the current and other validated vaccines. In some countries, such as the US, these may be via insurance services; in others, such as Canada and much of Europe, it could be centrally funded. However, whichever route a country takes, the risks remain valid: thousands of email and website scams are waiting to take advantage of anxious and hopeful people.

Be VERY careful; if it looks fake, delete it. You can always double-check with your healthcare provider so that legitimate communications are not overlooked.
