Phishing emails tempting people with fake coronavirus vaccines

As researchers race to develop a COVID-19 vaccine, phishing campaigns have landed on a topic ripe for exploitation, says Check Point Research.

Cybercriminals have exploited virtually every aspect of the coronavirus pandemic as they aim malware at people curious or anxious about the outbreak. We've seen phishing emails and malicious content centered around the initial spread of the virus, the resulting lockdown, the transition to remote working, the stimulus payments, and the return-to-work effort.

But one especially sensitive area found in many phishing emails has been the promise of a coronavirus vaccine. This topic naturally arouses attention and excitement as many people believe that the only way we'll return to some sense of normalcy will be through a COVID-19 vaccine. A report released Tuesday by cyber threat intelligence provider Check Point Research highlights some of these campaigns and offers advice on how to combat them.

In one phishing attack analyzed by Check Point, emails touted a subject line of "URGENT INFORMATION LETTER: COVID-19 NEW APPROVED VACCINES." The attached EXE file named "Download_Covid 19 New approved vaccines.23.07.2020.exe" promised details on a vaccine. But clicking on the file actually installs an InfoStealer that tries to obtain usernames, passwords, and other login information.

In another phishing campaign, an email is sent with the subject line: "UK coronavirus vaccine effort is progressing badly appropriate, recruiting consequence and elder adults." The email contains a malicious link named "surgicaltoll\.com/vy2g4b\.html." This link now seems to be inactive but previously redirected users to a medical phishing website called "thelifestillgoeson.su" that attempted to imitate a legitimate Canadian pharmacy.

Despite the prevalence of these phishing emails, the number of coronavirus-related cyberattacks has actually been dropping over the past few months. July saw a weekly average of 61,000 such attacks, a 50% decline from the 130,000 seen weekly in June. Still, as the virus continues to pose a threat, cybercriminals are more than happy to exploit the latest trends.

"Lately, we're seeing a clear trend with hackers: Deceive the masses by their interest in coronavirus vaccines," Check Point data manager Omer Dembinsky said in a press release. "Most of the campaigns involve a person's inbox, which is concerning. Over 80% of attacks against organizations start from a malicious email. Email is the first link in a chain of attacks. Since email attacks usually involve the human factor, employees' email inboxes are an organization's weakest link."

To help protect yourself and your organization from these types of phishing attacks, Check Point offers the following advice:

  • Check the full email address on any message and be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Do not supply login credentials or personal information in response to a text or email.
  • Protect mobile and endpoint browsing with advanced cyber security solutions, which prevent browsing to phishing web sites, whether known or unknown.
  • Use two-factor authentication to verify any change to account information or wire instructions.
  • Continuously educate your end users. Whenever irreversible actions such as money transfers are conducted, details of the transaction must be verified by additional means such as voice communication and must not exclusively rely on information from email correspondence.
  • Regularly monitor financial accounts.
  • Keep all software and systems up to date.
  • Make sure you are using an email security solution that blocks sophisticated phishing attacks like BEC (Business Email Compromise) in order to prevent them from reaching employees' mailboxes to begin with.
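
The first tip, checking the full sender address and watching for misspelled domains in links, can be automated when triaging reported mail. The Python example below is added here and is not Check Point's code: the trusted-domain list, the blocked extensions, the two-edit threshold, and the lookalike sender and link in the sample are assumptions, while the subject line and attachment name are the ones quoted from the first campaign above.

```python
import email.message, email.policy, os, re
from urllib.parse import urlparse

TRUSTED = {"example.org"}  # assumption: domains your organisation really uses
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat"}  # assumption: blocked types

def edit_distance(a, b):  # Levenshtein distance between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(domain):  # untrusted, yet within two edits of a trusted domain
    return domain not in TRUSTED and any(edit_distance(domain, t) <= 2 for t in TRUSTED)

def triage(raw):
    """Return (rule, evidence) findings for one raw RFC 5322 message (bytes)."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    subject = str(msg["Subject"] or "")
    if re.search(r"vaccin", subject, re.I):  # lure keyword from the report
        findings.append(("lure-subject", subject))
    sender = msg["From"].addresses[0].domain.lower()  # full address, not display name
    if lookalike(sender):
        findings.append(("sender-lookalike", sender))
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in RISKY_EXT:
            findings.append(("executable-attachment", name))
    body = msg.get_body(preferencelist=("plain", "html"))
    for url in re.findall(r"https?://[^\s\"'<>]+", body.get_content() if body else ""):
        host = (urlparse(url).hostname or "").lower()
        if lookalike(host):
            findings.append(("link-lookalike", host))
    return findings

def sample_message():  # constructed sample; subject and file name are quoted above
    m = email.message.EmailMessage()
    m["From"] = "Health Desk <updates@examp1e.org>"  # constructed lookalike sender
    m["Subject"] = "URGENT INFORMATION LETTER: COVID-19 NEW APPROVED VACCINES"
    m.set_content("Details: http://exarnple.org/vaccine\n")  # constructed link
    m.add_attachment(b"placeholder", maintype="application", subtype="octet-stream",
                     filename="Download_Covid 19 New approved vaccines.23.07.2020.exe")
    return bytes(m)

if __name__ == "__main__":
    print(*triage(sample_message()), sep="\n")
```

A two-edit threshold will also match unrelated short domains, so treat the findings as a prompt for review rather than a block decision.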

"Closing this security gap requires protections against various threat vectors: Phishing, malware, data theft, and account takeover," Dembinsky said. "I strongly urge everyone to closely read the subject lines of emails coming in. If it has the word 'vaccine' in it, think twice."
