Hackers exploiting COVID-19 vaccine in phishing attacks

Data from Barracuda reveals surge in vaccine-related phishing attacks as rollout picks up momentum

Posted 4 March 2021 by Christine Horton

Hackers are now using COVID-19 vaccine-related emails in their targeted spear-phishing attacks, according to new research.

The findings, from Barracuda Networks, analysed phishing emails between October 2020 and January 2021. The number of vaccine-related spear-phishing attacks increased by 12 percent immediately following vaccine availability announcements from Pfizer and Moderna in November 2020. However, by the end of January 2021, following the continued successful rollout of the vaccine, the average number of vaccine-related spear-phishing attacks was up 26 percent since October.

Over that time period Barracuda observed spikes in vaccine-related phishing activity centred around new updates, announcements and ground-breaking approvals from around the world. Researchers concluded that this is due to mass phishing campaigns centred around spiking public interest towards the vaccine, in an effort from the perpetrators to improve the effectiveness of their phishing attack campaigns.

Types of attacks

Barracuda researchers identified two predominant types of spear-phishing attacks using vaccine-related themes: brand impersonation and business email compromise.

The former is an email attack form which is used to impersonate a well-known brand or organisation and includes a link to a phishing website advertising early access to vaccines, offering vaccinations in exchange for a payment, or even impersonating health care professionals requesting personal information to check eligibility for a vaccine.

Business Email Compromise (BEC) attacks are instead used to impersonate individuals within an organisation or their business partners. Barracuda observed that recently these highly targeted attacks turned to vaccine-related topics. Common examples include impersonating employees needing an urgent favour while they are getting a vaccine or an HR specialist advising that the organisation has secured vaccines for their employees.

“Combatting this growing threat first requires individuals and employees to be sceptical of all vaccine-related emails, especially those offering early access to the vaccine, to join a waiting list, or have the vaccine shipped directly to you – as a precaution you should never click on links or open attachments in these emails,” said Fleming Shi, CTO for Barracuda Networks.

“Scammers are also adapting email tactics to bypass gateways and spam filters, so it’s critical to have a purpose-built solution that uses machine learning to analyse normal communication patterns within your organisation, so that it can also spot anomalies that may indicate an attack, or if an internal email has been compromised.

“Finally, establishing strong internal policies and training staffers on how to recognise and report all attacks, not just those pertaining to the vaccine, will be the most effective method to bolstering defences against the ever-evolving email attack threat facing you.”