Alert: “Reserve Your COVID-19 Vaccine Today!” | Ron Benvenisti

If you received one of these e-mails, you’re not alone.

The COVID-19 pandemic prompted a mass shift to telework among many US businesses, resulting in increased use of web-based email applications. According to recent FBI reporting, cyber criminals are implementing auto-forwarding rules on victims’ web-based email clients to conceal their activities. The web-based client’s forwarding rules often do not sync with the desktop client, limiting the rules’ visibility to cybersecurity administrators. Cyber criminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC). BEC schemes resulted in more than $1.7 billion in worldwide losses reported to the Internet Crime Complaint Center (IC3) in 2019. The FBI is sharing this information to inform companies of this email rule forwarding vulnerability, which may leave businesses more susceptible to BEC.

As with other topics of national and global interest, threat actors are employing vaccine lures to convince potential victims to divulge sensitive or financial information, or open malicious links or attachments included in phishing emails. Several organizations, such as the Better Business Bureau, Food & Drug Administration, and security awareness training company KnowBe4, are warning users to be on the lookout for vaccine-themed scams and phishing emails with varying subject lines that may include references to a survey, information about vaccine coverage, locations to receive the vaccine, ways to reserve a vaccine, and vaccine requirements.

Links and attachments included in these phishing campaigns may use brand spoofing and impersonate well-known and trusted entities. With many continuing to work from home, users may let their typical guards down and be more likely to take action on emails from unverified senders, particularly those dealing with measures that affect health and public safety.

KnowBe4 today issued a warning on the potential for a surge of phishing attacks that take advantage of COVID-19 vaccine updates.

With infection rates soaring around the world, the impending news about COVID-19 vaccines is highly anticipated and as soon as it hits inboxes, people will be more likely to click. The KnowBe4 Q3 2020 Top-Clicked Phishing Report found that coronavirus-related phishing email attacks were still prevalent.

“With the world on high alert for good news about the COVID-19 vaccines, the bad guys are also waiting to take advantage of this news by crafting new attacks,” said Stu Sjouwerman, CEO, KnowBe4. “End users should be particularly suspicious of any vaccine-themed emails, especially those containing attachments or instructing them to click on a link, as these emails could very well be part of a social engineering attack. Given that we are in a time where emotions are heightened, we must keep cybersecurity top of mind.”

‘Tis the Season for Holiday Phishing

Phishing campaigns may entice users with special offers and convey a sense of urgency with designated shopping days, such as Black Friday. This message may contain various “shopping discount codes” in the subject line. Attachments may end in .scr or .img that, if clicked and executed, install malware.

There has been a dramatic increase in the number of phishing emails impersonating shipping companies—such as DHL, Amazon, and FedEx. Cybercriminals target users with shipping and delivery notifications and report delivery issues or tracking details to convince them to disclose personal information.

Cybercriminals may attempt to target users to update financial account information. In this example, the phishing email contains spelling errors and may contain keywords—such as reminder, alert, or important update—in the subject line. It also contains an HTML attachment or phishing URL to review their account that, if opened, directs them to a spoofed American Express authentication page designed to harvest email credentials and banking accounts. Other examples include subject lines of “daily transaction notice,” “usage is restricted,” and “your account is locked.”