It is being reported by the users on the Twitter that they have received phishing emails claiming to be from the UK’s National Health Services (NHS) offering them to sing-up to receive the COVID-19 vaccine. At the sign-up process, it will prompt the users to provide the sensitive information such as name, adddress, credit card and banking information. The cyber security experts commented below on the danger of phisphing emails especially when the threat actor is using sensitive issue such as COVID-19 to trick the recipients to provide the personal information.
<p>The current pandemic presents a great opportunity for scammers and cybercriminals worldwide to take advantage of individuals. We’ve seen similar situations in various regions around the globe. One thing that people need to know is that they should never give out any personal information via phone or email. They also need to be aware that there is no official means of buying the vaccine nor an earlier appointment to be vaccinated. The Covid vaccine is government-sponsored and is not offered for sale. In case of doubt, contact the vaccination centre in your region directly. Do not respond to calls or emails that request credit card information or any other means of payment.</p>
<p>Colour me as not surprised that the latest COVID-19 pandemic threat is focused on consumers looking to schedule vaccinations. Do nation-state threat actors have no shame? Their year-long attacks on companies at the forefront of medical care and research has shown a cold-calculus. Brazen attempts from state sponsored threat actors in China, North Korea, Iran and Russia to disrupt the COVID-19 supply chain, the administration of vaccines and the return to health of thousands of people that are sick with the virus, are acts of war and one can hope these cyber thugs are eventually brought to justice. </p> <p> </p> <p>Kudos to law enforcement agencies and every person involved in the investigation of COVID-19 related fraud and scams. For people looking to schedule a vaccination, this isn\’t the first or last time social engineering will be used to steal proprietary information from individuals for profit. Consumers should never open attachments from untrusted people and sources, visit dubious websites or download information from untrusted places. To eliminate the cyber risk involved in scheduling a vaccination, go directly to the hospital\’s or clinic\’s website or make a phone call to do your scheduling. Never open an attachment via email as phishing scams will continue so long as the market exists.</p>
<p>Whenever there is a newsworthy incident or event, criminals are quick to jump on the bandwagon with phishing scams and attacks to try and obtain personal details, compromise organisations, or steal money.</p> <p> </p> <p>The pandemic has provided ample opportunities for criminals who have been adapting their techniques over the last year with phishing attacks claiming to originate from health organisations like the WHO, or playing on peoples financial difficulties with emails which claim to be from HMRC.</p> <p> </p> <p>With the vaccine rollout in progress, it\’s no surprise that the criminals have shifted to try and scam people through fake vaccine registration pages.</p> <p> </p> <p>It\’s therefore important that people remain vigilant at these times as to which links they click on and where they share any personal information. When in doubt, they should contact their dr or healthcare provider through tried and trusted channels and not give any information to unknown websites, text messages, or phone calls.</p>
<p>Attackers will look for any opportunity to exploit human weakness, and in this particular case, appealing to human nature tempting people to click on phishing links that might take them to medical vaccination sites. There has also been an increase in appealing to human nature where fake sites set up to harvest personal information to help people in communities.</p> <p> </p> <p>As long as emails are a means of communicating, scammers will attempt the same with fake emails. Email as implemented today is a terrible system for conducting business. While attempts have been made to improve the technology, none of them have taken hold. </p> <p> </p> <p>It’s especially difficult for many people to recognize a scam when it carries the apparent NHS authority in the communication, which is why we see many of these COVID-related scams.</p> <p> </p> <p>Individuals must show extreme caution to all links and attachments sent to them and have the mindset that if it looks too good to be true, then avoid it at all costs.</p>
<p>Covid-related vaccine scams have been making the rounds in countries around the globe. And I suspect there will be more to come in the near future. When rolling out new initiatives where there is the potential for misinformation or confusion to spread, bad actors will certainly take advantage. Be vigilant. Do your own research about what the vaccine involves, legitimate sources to get the vaccine, what the process is, etc. That’s specifically why the abundance of crowdsourced informational sites exist – we have found most of the official sites to be lacking in usability or clarity. But if something feels off, it probably is.</p>