BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

Beware: COVID-19 Vaccine News May Lead to New Wave of Phishing

COVID-19 Vaccine Related Phishing and How You Can Protect Your Organization

As the COVID-19 pandemic continues to claim lives across the globe and infection rates continue to soar, scientists are continually looking for a solution to end the world’s suffering. In the past weeks, vaccine manufacturers, such as Moderna and Pfizer-BioNTech, have published encouraging results from the last stages of their vaccine trials, giving the world a glimpse of hope.

However, with all these vaccines that have been developed and those in their final stages, none has been officially released for mass consumption. As the population continues to get overwhelmed with pandemic fatigue and scientists get closer to developing a real vaccine, cybercriminals are now using the developed vaccines as a ploy in their extortion activities.

COVID 19 Vaccine

What are phishing emails?

Phishing is a form of social engineering often used by cybercriminals to trick their targets into providing them with their personal information and account data. Once this information is obtained, these malicious actors use the targets’ credentials or install malware into their systems to obtain data. Phishing is carried out via text messages, instant messages, social media messaging platforms, phone calls, or email. However, phishing emails are the most common. The recipient of the email is usually tricked into clicking on a malicious link, which may lead to the installation of malware that may obtain sensitive information or freeze the recipient’s system as a way to deny services as part of a cyberattack.

At the initial stages of the COVID-19 pandemic, these emails came in different forms with luring subject lines such as:

  • What to do if you have come into contact with someone with COVID-19.
  • Free COVID-19 testing emails.
  • Advice on what to do if you have violated COVID-19 health protocols.

The main aim of these emails was to exploit the anxiety surrounding the pandemic. With the vaccine in sight and the topic naturally arousing excitement and attention, these emails are now being tailored to announce the promise of COVID-19 vaccines.

How can you identify phishing emails? As an organization, you have probably already started seeing vaccine-themed phishing emails or may expect to start seeing these emails in the next few weeks. But how exactly do you distinguish these fake emails from verified ones to protect your employees and ultimately protect your organization’s systems?

Here are several tips to help you identify phishing emails:

  1. Legitimate companies don’t request sensitive information via email: The chances are that if you receive an email purporting to be from a legitimate institution that provides you with an attachment or link and asks you to provide sensitive data, it’s a scam. Most verified organizations don’t send emails asking for credit card information, account usernames and passwords.
  2. Legitimate companies don’t send unsolicited links or attachments: Unexpected emails that contain links and attachments reek of hackers. Authentic organizations don’t randomly send you emails with links or attachments; they usually direct you to their websites.
  3. Look out for spelling errors: The easiest way to recognize a phishing email is terrible grammar. Emails from a verified organization are usually well-written.
  4. Legitimate companies have domain emails: Don’t only check the name of the person sending you the email, also check the email address. Most companies use their domain email addresses when sending out emails. However, this is not a foolproof method of identifying phishing emails.

How can you protect your organization against phishing attacks?

To protect your organization from phishing attacks, you need to practice vigilance. Training your employees on what to look out for when it comes to distinguishing phishing emails goes a long way toward protecting your organization from malicious attacks.

The following pointers will help to mitigate risks for phishing attacks:

  • Use two-factor or multifactor authentication methods to add an extra verification layer when logging in to sensitive applications.
  • Integrate firewalls to establish a barrier between your internal network and incoming traffic from external sources to block malicious traffic.
  • Keep all your software and applications updated.
  • Install security software such as antivirus, antispyware and anti-malware programs to help detect and remove malicious programs.
  • Enable email filtering to filter out incoming emails for phishing content and automatically move them to a separate folder.

No matter how secure your company’s network is, it only takes one reckless employee to fall victim to a phishing attack and send your company’s data into the hands of cybercriminals. Your employees need to understand and be able to recognize phishing emails to protect your organization.

More Like This

Cyber Criminals Are Actively Exploiting a WordPress Plugin Zero-Day

Cyber Criminals Are Actively Exploiting a WordPress Plugin Zero-Day The Fancy Product Designer plugin — commonly used to configure visual products on WordPress, Shopify, and WooCommerce — has been compromised. Cybercriminals are actively looking for sites that use this plugin so as to exploit a recently-discovered vulnerability. What Is a Zero-Day Exploit? The term zero-day …

Cyber Criminals Are Actively Exploiting a WordPress Plugin Zero-Day Read More »

Read More

Could A Colonial Pipeline-Style Cyberattack Disrupt Your Business?

Could A Colonial Pipeline-Style Cyberattack Disrupt Your Business? The Colonial Pipeline ransomware attack garnered national headlines after hackers caused widespread gasoline shortages along the Eastern U.S. seaboard. Among the hardest hit, North Carolina saw more than two-thirds of local pumps closed, and 80 percent of fueling stations in the nation’s capital ran dry. Images of …

Could A Colonial Pipeline-Style Cyberattack Disrupt Your Business? Read More »

Read More

AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs

Original release date: May 28, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact, a legitimate email marketing software …

AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs Read More »

Read More

How to Reinstall macOS on Your Computer

How to Reinstall macOS on Your Computer If your Mac has been having problems or behaving erratically as of late, it might be time for a fresh install of macOS using Recovery mode and Disk Utility. A new install may also be useful if you have plans to give away or sell your Mac. In …

How to Reinstall macOS on Your Computer Read More »

Read More

Understanding the Role of Non-Fungible Tokens (NFTs)

Understanding the Role of Non-Fungible Tokens (NFTs) Non-fungible tokens or NFTs are rising in popularity as more people discover their importance. These tokens come with unique metadata and identification codes, making it easier to distinguish individual tokens. Unlike digital currencies, such as Bitcoin and Ethereum, you cannot trade or exchange NFTs. They are cryptographic assets …

Understanding the Role of Non-Fungible Tokens (NFTs) Read More »

Read More

AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

Original release date: May 11, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of a ransomware attack affecting …

AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks Read More »

Read More