FP TrendingMar 10, 2021 10:26:25 IST
Hackers and phishers have shifted their target to vaccine-related cheating activities ever since pharmaceutical companies like Pfizer and Moderna have announced the availability of vaccines for COVID-19. These cybercriminals used the coronavirus pandemic to steal data and money from people across the world. With the announcement of vaccines, they have also started using vaccines-related deceptions for their attacks, a study found. This study was conducted by researchers at Barracuda Networks which is a security firm that provides cloud-enabled security solutions.
The mails usually carried a link to a phishing website that promised early access to vaccinations in exchange for a payment, or the mails were designed so that they seem to have been sent by health care professionals.
Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details or other sensitive details, by impersonating oneself as a trustworthy entity in digital communication.
According to CSO, spear phishing is the act of sending and emails to specific and well-researched targets while purporting to be a trusted sender. The aim is to either infect devices with malware or convince victims to hand over information or money.
The team analysed data collected between October 2020 to January 2021 and found that the number of vaccine-related phishing attacks increased by as much as 12 percent once major pharmaceuticals announced the availability of vaccines in November 2020. The trend only kept rising in the next few months, with the spike reaching 26 percent by the end of January this year.
According to a press release, cybercriminals have been targeting the vulnerability of people due to the pandemic and fooling them with elaborated traps. Factors like urgency, heightened fear and uncertainty, and social engineering, are some of the common tactics that these phishers use to lure their victims Barracuda researchers found.
The two predominant types of spear-phishing attacks in these cases were using brand impersonation or employing business email compromise. Both of these methods are far more complicated than being simple scams.
As per the release, the scamsters impersonated a well-known brand or organisation while sending vaccine-related phishing emails. The mails usually carried a link to a phishing website that promised early access to vaccinations in exchange for a payment, or the mails were designed so that they seem to have been sent by health care professionals. The experts seemingly addressing the mails would be requesting personal information to check eligibility for a vaccine.
On the other hand, business email compromises are being conducted by impersonating employees needing an urgent favour while they are getting a vaccine. Another case is the impersonation of an HR specialist who is advising that the organisation has secured vaccines for their workers.
