Much in the same way that cybercriminals have targeted remote workers throughout this pandemic, they have also set their sights on other unsuspecting victims by various means. This time, the latest attacks have come in the form of malicious email campaigns concerning the newest coronavirus development: the COVID-19 vaccine.
You can always count on cybercriminals to take advantage of a situation, and this one (as sensitive and as serious as it is) is no different. Here’s how they’re doing it.
Shortly after the news of an approved COVID-19 vaccine began to circulate, phishing campaigns designed to exploit the uncertainty surrounding and limited access to the vaccine began spreading to unsuspecting inboxes everywhere. These malicious email campaigns featured misleading subject lines that promised the recipient access to limited vaccines, only to expose them to dangerous malware and remote access trojans (RAT) once opened.
As malicious as this social engineering scheme is, it’s not totally unpredictable. “Malicious actors had a field day back in March and April as the coronavirus washed over countries around the world. It was and still is the perfect tool for social engineering scared, confused, and even downright paranoid end users into opening the door to your organization’s network,” said our friends at KnowBe4. “Put very simply, this is pretty much what we expected.”
So, now that these phishing campaigns have arrived, what can you do?
Based on what we’ve seen, these phishing campaigns have been designed to take advantage of some of the most common questions about the uncertainties surrounding the COVID-19 vaccine, including:
So, when it comes to protecting your information from these attacks, be wary of content that comes from suspicious email addresses that use highly emotive language to direct you to hyperlinks that contain misspelled domain names or unfamiliar sites.
This is a hot button issue that will inevitably develop and evolve over the coming months, so constant vigilance is a must on all fronts. Encourage your team to stay aware, use their best judgment and remember that if an email promises something too good to be true, then it most likely is!
It may be a new year, but 2020’s issues haven’t hesitated to follow us around the corner, making vigilance just as important now as it was when the COVID-19 pandemic began. Keeping your team up to speed on cybersecurity awareness and best practices has never been more critical, and now is the time to act.
If this year has taught us anything, it’s that everything can change on a dime. Technology and cybersecurity are no exception. Technology is constantly evolving in one way or another. In a world where “adapt and survive” is becoming more of a...
Read more