COVID vaccines are finally reaching many people around the world, but be careful you don’t get phished by vaccine scam websites. Security researchers at Webroot have found that the registration of new websites featuring the word “vaccine” in their URL have increased by 94.8% in just one month, since vaccines became publicly available. If history has taught us anything, it’s a sign that scammers are using vaccine hype as a tool to prey on unsuspecting people.
Similar to the COVID phishing attacks which skyrocketed in March 2020, the plan of attack is to harness fear and urgency to entice users to give up details like email addresses, passwords, social security numbers, and more.
Webroot, who performed the study that found the increase in vaccine related URL registration, found a huge spike in malicious websites using other words too, such as:
COVID-19
Corona
Vaccine (and various misspellings)
Cure COVID
COVID Test
And many others
So… how do we stay safe?
Well besides the usual layers of security, like email filtering, antivirus tools, and strong password practices, we have a couple other recommendations:
First would be to invest in security training to help your team spot scams before clicking on them. Ninjio makes great training videos that are easy-to-understand, and we fully recommend them. You can check out some sample videos here.
Second, you should consider adding DNS filtering to your security arsenal. Our favorite tool for this is called DNSFilter. DNS Filtering blocks access to websites at the network level, stopping access to harmful categories of content, like gambling and adult content, as well as “new sites”—just like the scam vaccine pages highlighted in the article above—created by scammers with purely malicious intent.
Attackers prey on your emotion—they want to cloud your judgement by making you think something urgent is at stake, using tactics like informing you of critical public health updates.
Thankfully, most phishing emails and scam websites can be spotted by looking at the wording, the sender (or the URL, if you’re viewing a webpage), and the images/logos for anything that looks off. If you receive any kind of message that’s unsolicited or from an unknown sender:
- Don’t share your personal information
- Avoid clicking links
- Don’t download files
Clicking links or downloading files from mysterious emails could infect your computer with malware, or bait you towards websites (like the one mentioned above) where your information may be phished. Rule number 1 is special though:
Legitimate services will never ask you for personal information over email! Security questions like “What is the name of the street you grew up on?” exist specifically so that services can identify you as the account-holder without asking for your username and password.
Concerned that your team might be vulnerable to a scam like this? Get in touch and we can assess your organization’s security. Stay safe out there.
Free eBook: Small Business Security Trends 2020
Join our newsletter, Scan For Updates, and receive the eBook Small Business Security Trends 2020 for free. This guide contains insights related to shoring up your organization's weak points, as well as 5 case studies of Michigan companies who have navigated common security risks.