BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

Beware: COVID-19 Vaccine News May Lead to New Wave of Phishing

COVID-19 Vaccine Related Phishing and How You Can Protect Your Organization

As the COVID-19 pandemic continues to claim lives across the globe and infection rates continue to soar, scientists are continually looking for a solution to end the world’s suffering. In the past weeks, vaccine manufacturers, such as Moderna and Pfizer-BioNTech, have published encouraging results from the last stages of their vaccine trials, giving the world a glimpse of hope.

However, with all these vaccines that have been developed and those in their final stages, none has been officially released for mass consumption. As the population continues to get overwhelmed with pandemic fatigue and scientists get closer to developing a real vaccine, cybercriminals are now using the developed vaccines as a ploy in their extortion activities.

COVID 19 Vaccine

What are phishing emails?

Phishing is a form of social engineering often used by cybercriminals to trick their targets into providing them with their personal information and account data. Once this information is obtained, these malicious actors use the targets’ credentials or install malware into their systems to obtain data. Phishing is carried out via text messages, instant messages, social media messaging platforms, phone calls, or email. However, phishing emails are the most common. The recipient of the email is usually tricked into clicking on a malicious link, which may lead to the installation of malware that may obtain sensitive information or freeze the recipient’s system as a way to deny services as part of a cyberattack.

At the initial stages of the COVID-19 pandemic, these emails came in different forms with luring subject lines such as:

  • What to do if you have come into contact with someone with COVID-19.
  • Free COVID-19 testing emails.
  • Advice on what to do if you have violated COVID-19 health protocols.

The main aim of these emails was to exploit the anxiety surrounding the pandemic. With the vaccine in sight and the topic naturally arousing excitement and attention, these emails are now being tailored to announce the promise of COVID-19 vaccines.

How can you identify phishing emails? As an organization, you have probably already started seeing vaccine-themed phishing emails or may expect to start seeing these emails in the next few weeks. But how exactly do you distinguish these fake emails from verified ones to protect your employees and ultimately protect your organization’s systems?

Here are several tips to help you identify phishing emails:

  1. Legitimate companies don’t request sensitive information via email: The chances are that if you receive an email purporting to be from a legitimate institution that provides you with an attachment or link and asks you to provide sensitive data, it’s a scam. Most verified organizations don’t send emails asking for credit card information, account usernames and passwords.
  2. Legitimate companies don’t send unsolicited links or attachments: Unexpected emails that contain links and attachments reek of hackers. Authentic organizations don’t randomly send you emails with links or attachments; they usually direct you to their websites.
  3. Look out for spelling errors: The easiest way to recognize a phishing email is terrible grammar. Emails from a verified organization are usually well-written.
  4. Legitimate companies have domain emails: Don’t only check the name of the person sending you the email, also check the email address. Most companies use their domain email addresses when sending out emails. However, this is not a foolproof method of identifying phishing emails.

How can you protect your organization against phishing attacks?

To protect your organization from phishing attacks, you need to practice vigilance. Training your employees on what to look out for when it comes to distinguishing phishing emails goes a long way toward protecting your organization from malicious attacks.

The following pointers will help to mitigate risks for phishing attacks:

  • Use two-factor or multifactor authentication methods to add an extra verification layer when logging in to sensitive applications.
  • Integrate firewalls to establish a barrier between your internal network and incoming traffic from external sources to block malicious traffic.
  • Keep all your software and applications updated.
  • Install security software such as antivirus, antispyware and anti-malware programs to help detect and remove malicious programs.
  • Enable email filtering to filter out incoming emails for phishing content and automatically move them to a separate folder.

No matter how secure your company’s network is, it only takes one reckless employee to fall victim to a phishing attack and send your company’s data into the hands of cybercriminals. Your employees need to understand and be able to recognize phishing emails to protect your organization.

More Like This

AA21-209A: Top Routinely Exploited Vulnerabilities

Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI).  This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities …

AA21-209A: Top Routinely Exploited Vulnerabilities Read More »

Read More

How New Windows Server 2022 Features Improve Hybrid Integration and Security

How New Windows Server 2022 Features Improve Hybrid Integration and Security Microsoft recently announced the preview of the latest Windows Server. The new release comes with several key features, such as Azure automanage (hotpatching) and virtualization-based security (VBS). Windows Server 2022 allows users to leverage the cloud to maximize uptime and keep virtual machines (VMs) …

How New Windows Server 2022 Features Improve Hybrid Integration and Security Read More »

Read More

AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013

Original release date: July 20, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information, including indicators of compromise (IOCs), provided in this advisory in 2012 to affected organizations and …

AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013 Read More »

Read More

Uncovering the Complexity and Potential Future Trends of Cyber Threats Faced by the U.S.

Uncovering the Complexity and Potential Future Trends of Cyber Threats Faced by the U.S. America’s critical infrastructure, the Federal government, and commercial institutions are undoubtedly under attack. The sophisticated cyber threats facing the country emanate from various parts of the world. A wide selection of state actors and hacker groups are working tirelessly to paralyze …

Uncovering the Complexity and Potential Future Trends of Cyber Threats Faced by the U.S. Read More »

Read More

AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs

Original release date: July 19, 2021 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for referenced defensive tactics and techniques. The National Security Agency, Cybersecurity …

AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs Read More »

Read More

AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department

Original release date: July 19, 2021 Summary This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This advisory provides APT40’s tactics, techniques, and procedures (TTPs) and …

AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department Read More »

Read More