COVID-19 Vaccine Related Phishing and How You Can Protect Your Organization
As the COVID-19 pandemic continues to claim lives across the globe and infection rates continue to soar, scientists are continually looking for a solution to end the world’s suffering. In the past weeks, vaccine manufacturers, such as Moderna and Pfizer-BioNTech, have published encouraging results from the last stages of their vaccine trials, giving the world a glimpse of hope.
However, with all these vaccines that have been developed and those in their final stages, none has been officially released for mass consumption. As the population continues to get overwhelmed with pandemic fatigue and scientists get closer to developing a real vaccine, cybercriminals are now using the developed vaccines as a ploy in their extortion activities.
What are phishing emails?
Phishing is a form of social engineering often used by cybercriminals to trick their targets into providing them with their personal information and account data. Once this information is obtained, these malicious actors use the targets’ credentials or install malware into their systems to obtain data. Phishing is carried out via text messages, instant messages, social media messaging platforms, phone calls, or email. However, phishing emails are the most common. The recipient of the email is usually tricked into clicking on a malicious link, which may lead to the installation of malware that may obtain sensitive information or freeze the recipient’s system as a way to deny services as part of a cyberattack.
At the initial stages of the COVID-19 pandemic, these emails came in different forms with luring subject lines such as:
- What to do if you have come into contact with someone with COVID-19.
- Free COVID-19 testing emails.
- Advice on what to do if you have violated COVID-19 health protocols.
The main aim of these emails was to exploit the anxiety surrounding the pandemic. With the vaccine in sight and the topic naturally arousing excitement and attention, these emails are now being tailored to announce the promise of COVID-19 vaccines.
How can you identify phishing emails? As an organization, you have probably already started seeing vaccine-themed phishing emails or may expect to start seeing these emails in the next few weeks. But how exactly do you distinguish these fake emails from verified ones to protect your employees and ultimately protect your organization’s systems?
Here are several tips to help you identify phishing emails:
- Legitimate companies don’t request sensitive information via email: The chances are that if you receive an email purporting to be from a legitimate institution that provides you with an attachment or link and asks you to provide sensitive data, it’s a scam. Most verified organizations don’t send emails asking for credit card information, account usernames and passwords.
- Legitimate companies don’t send unsolicited links or attachments: Unexpected emails that contain links and attachments reek of hackers. Authentic organizations don’t randomly send you emails with links or attachments; they usually direct you to their websites.
- Look out for spelling errors: The easiest way to recognize a phishing email is terrible grammar. Emails from a verified organization are usually well-written.
- Legitimate companies have domain emails: Don’t only check the name of the person sending you the email, also check the email address. Most companies use their domain email addresses when sending out emails. However, this is not a foolproof method of identifying phishing emails.
How can you protect your organization against phishing attacks?
To protect your organization from phishing attacks, you need to practice vigilance. Training your employees on what to look out for when it comes to distinguishing phishing emails goes a long way toward protecting your organization from malicious attacks.
The following pointers will help to mitigate risks for phishing attacks:
- Use two-factor or multifactor authentication methods to add an extra verification layer when logging in to sensitive applications.
- Integrate firewalls to establish a barrier between your internal network and incoming traffic from external sources to block malicious traffic.
- Keep all your software and applications updated.
- Install security software such as antivirus, antispyware and anti-malware programs to help detect and remove malicious programs.
- Enable email filtering to filter out incoming emails for phishing content and automatically move them to a separate folder.
No matter how secure your company’s network is, it only takes one reckless employee to fall victim to a phishing attack and send your company’s data into the hands of cybercriminals. Your employees need to understand and be able to recognize phishing emails to protect your organization.