FP TrendingMar 09, 2021 17:35:50 IST
Hackers and phishers have significantly shifted their target to vaccine-related cheating activities ever since pharmaceutical companies like Pfizer and Moderna have announced the availability of vaccines for COVID-19. While these cybercriminals used the coronavirus pandemic before to steal data and money from people across the world, with the announcement of vaccines coming out, the phishers have also increasingly started using vaccines for their attacks, found a study conducted by researchers at Barracuda Networks. The firm provides cloud-enabled security solutions.
Factors like urgency, heightened fear and uncertainty, and social engineering, are some of the common tactics used to lure victims.
The team analysed data collected between October last year and January 2021 and found that the number of vaccine-related phishing attacks increased by as much as 12 percent once major pharmaceuticals announced the availability of vaccines in November 2020. The trend only kept rising in the next few months, with the spike reaching 26 percent by the end of January this year.
According to a press release, cybercriminals have been targeting the vulnerability of people and fooling them to fall into traps. Factors like urgency, heightened fear and uncertainty, and social engineering, are some of the common tactics used to lure victims as found by the Barracuda researchers.
The two predominant types of spear-phishing attacks in the vaccine-related cases noticed by the firm were using brand impersonation or employing business email compromise. Both of these methods are far more complicated than being simple scams.
As per the release, the scamsters impersonated a well-known brand or organisation while sending vaccine-related phishing emails. The mails usually carried a link to a phishing website that promised early access to vaccinations in exchange for a payment, or the mails were designed so that they seem to have been sent by health care professionals. The experts seemingly addressing the mails would be requesting personal information to check eligibility for a vaccine.
On the other hand, business email compromises are being conducted by impersonating employees needing an urgent favour while they are getting a vaccine. Another case is the impersonation of an HR specialist who is advising that the organisation has secured vaccines for their workers.
