Recent COVID-19 vaccine news: from phishing to cyber espionage
In December, INTERPOL issued an alert to law enforcement across 194 countries, warning them to prepare for crimes revolving around COVID-19 vaccines. Hackers are already targeting individuals, companies, and government agencies. Investigators have also reported vaccine-related activities on the dark web. Let’s discuss the most recent cases.
“Fill out the form” to get a vaccine
While the world was watching the first person in the UK getting the jab, hackers were already sending out phishing emails. Research has revealed that people received emails encouraging them to fill out a form to register for a vaccination. What perpetrators were looking for was personal information and users credentials.
Although the emails were poorly written and contained grammatical errors, some people probably fell for the scam. It will take a while to vaccinate millions of people, and phishing emails will be around until the pandemic ends.
A cyber-espionage scheme targeting supply chains
An IBM security team revealed an international cyber-espionage scheme. Hackers sent phishing emails to organizations in the vaccine supply chain in six different countries. They targeted both governmental organizations and companies.
IBM experts claim that the attack started in September. Perpetrators impersonated an executive from a Chinese company involved in the supply chain to make it look more realistic. The phishing emails contained malware and asked for people’s login credentials.
As the targets were very specific, researchers believe that the attack was conducted by a foreign entity with the intention of learning about the vaccine distribution infrastructure.
Hackers steal Pfizer/BioNTech COVID-19 vaccine data
The European Medicines Agency (EMA) suffered a cyberattack, and documents related to the development of the COVID-19 vaccine by the US drugmaker Pfizer and its German partner BioNTech were accessed.
The documents included information about the candidate vaccine, its possible side effects, efficiency, and other highly confidential medical information. However, the companies said that no personal information of trial participants was revealed. The EMA did not give any explanation as to how the attack was conducted.
General rules of COVID-19 vaccine awareness
Governments will distribute the COVID-19 vaccines at their own pace, and it will definitely take time. Follow your local news and read the information on official government websites to get the latest updates. However, we can assure you that:
Consider requests for sensitive information carefully. If you get a call, SMS message, or email asking for your personal details like passwords, credit card numbers, or your home address, it’s a scam. Criminals can pretend they are from your local hospital or any other health organization. Everything might look very professional, leaving no room for doubt.
Nobody will ask you to pay for putting your name on a vaccination list. Perpetrators can try to persuade you to pay for the vaccine to get it before everyone else. They might send phishing emails encouraging you to click on a link referring to a fake website to make a payment.
No third parties will be allowed to advertise vaccines online. If you bump into ads or pop-ups offering to buy a vaccine, ignore them — it’s almost certainly a scam. Vaccines will be distributed by healthcare providers, and they definitely won’t use pay-per-click advertising to inform citizens.
Vaccines won’t be sold online. Hackers can set fake websites impersonating legit online pharmacies to trick you into buying a vaccine. A recent analysis by INTERPOL’s Cybercrime Unit exposed 3,000 websites selling illicit medicines and around 1,700 containing malware. These numbers will definitely grow in 2021.
Red flags to look for:
- Grammatical errors in the emails or SMS messages;
- Asking you for more information than is required;
- Urging you to reveal personal details or fill some kind of a form as soon as possible;
- Suspicious attachments and links;
- Claims that there might be not enough vaccines and, if you don’t register now, it can take months for you to get the shot;
- Vaccine-related ads and pop-ups.
What can we expect in 2021?
In June 2020, the UCSF School of Medicine paid a $1.14 million ransom after hackers encrypted important information related to COVID-19 vaccine development. Cybersecurity experts predict that ransomware will be among the main threats to healthcare organizations during vaccine distribution. With millions infected and dying every day, hospitals might have no other choice but to pay the perpetrators.
While a scammed individual might only lose their money, an attack on a healthcare institution could break the whole distribution chain and even lead to the death of the most vulnerable members of society.
Hackers won’t back off, and vaccine-related criminal activities will only surge. Cybersecurity and general awareness are now more important than ever.
Want to read more like this?
Get the latest news and tips from NordVPN