New Phishing Scam Takes Advantage Of COVID-19 Pandemic: Fake Emails Asking For Proof Of Vaccination

by Diana Panduru | August 29, 2021 | Cybersecurity News

As the pandemic goes on, scammers are preying on each new anxiety. For example, a new phishing scam relies on pandemic-themed emails to steal credentials, according to a new report from Proofpoint.

Phishers Keep Taking Advantage Of The Pandemic

Cybercriminals know that people are more likely to make mistakes when they are scared. So, paralleling the rise in new delta variant cases, pandemic-related phishing email campaigns are also increasing.

According to security firm Proofpoint, pandemic-themed phishing attacks increased by 33% in June after concerns about the virus cooled down temporarily this spring and early summer. The spike occurred right when Google searches for “delta variant” were peaking.

Early in the pandemic, when many Americans found themselves without a job, digital security firm Aura noted that phishing scams focused on unemployment claims increased by 40 times.

At that time, the pandemic was still a context of uncertainty and the unknown. Now, however, we’re learning to live day-to-day life without proper precautions when it comes to cybersecurity. By now, the coronavirus has become a banal reality for many.

And what can be more banal than paperwork? Employers often ask for negative coronavirus test results, return-to-work feedback forms, and, sometimes, even proof of vaccination, creating a very fertile ground for phishing and ransomware.

“This has gone from a panicky cultural mood to something that’s become this rote, operationalized bureaucracy,” vice president of threat research and detection at Proofpoint, DeGrippo, said. “That almost makes it easier for the bad actors because people are getting used to: ‘Upload your negative test here, go download this covid form, fill it out.’ ”

So, next time you get an email with COVID-19 updates, check it very thoroughly for signs of phishing.

Cybercriminals Ask For Proof Of Vaccination In New Phishing Scam

Many companies, including Google and Facebook, are now requiring employees to get the vaccine before returning to work.

Be extra cautious if you receive an email asking for proof of vaccination. Your vaccination card contains data that hackers might take an interest in, such as your birth date.

Proofpoint spotted huge phishing campaigns in which attackers pretended to be from corporate HR departments and asked victims to submit information related to their vaccination statuses. The malicious links in these emails led to fake Microsoft sign-in pages, like the one below, with the purpose of stealing employees’ credentials.

A new phishing scam asks victims for proof of vaccination and steals their personal information.
Source: Proofpoint
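
The campaign described above combines three signals a mail filter or analyst can check: a vaccination-paperwork theme, an "HR" sender from outside the organization, and a Microsoft sign-in link that points somewhere other than a Microsoft sign-in host. The Python sketch below is an added example, not code from Proofpoint or ATTACK Simulator; the allowlist is an illustrative assumption, and the sample message, its domains and the `triage` function name are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative allowlist of Microsoft sign-in hosts, not exhaustive.
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
LURE = re.compile(r"vaccin|covid|negative test", re.I)
MS_BRAND = re.compile(r"microsoft|office\s*365", re.I)
SIGNIN = re.compile(r"sign[\s-]?in|log[\s-]?in", re.I)
HR_NAME = re.compile(r"\bhr\b|human resources", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(display_name, from_addr, subject, html_body, org_domain):
    """Return a sorted list of triage findings for one message."""
    findings = set()
    parser = LinkCollector()
    parser.feed(html_body)
    text_only = re.sub(r"<[^>]+>", " ", html_body)
    if LURE.search(subject) or LURE.search(text_only):
        findings.add("pandemic-paperwork-lure")
    sender_domain = from_addr.rsplit("@", 1)[-1].lower()
    if HR_NAME.search(display_name) and sender_domain != org_domain.lower():
        findings.add("hr-display-name-external-sender")
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        # Exact host match: a substring test would accept login.microsoftonline.com.<other domain>.
        if MS_BRAND.search(text + href) and SIGNIN.search(text + href) and host not in MS_LOGIN_HOSTS:
            findings.add("microsoft-signin-link-off-allowlist:" + host)
    return sorted(findings)

# Constructed sample message (not taken from the Proofpoint report).
SAMPLE = ("HR Department", "hr@corp-benefits.example", "Submit proof of vaccination",
          '<p>Upload your card.</p><a href="https://login.microsoftonline.com.'
          'hr-forms.example/common/login">Sign in with Microsoft</a>', "corp.example")
```

These are triage heuristics: a message that trips all three findings deserves a closer look, while a clean result does not prove the message is safe.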

Prevent Phishing Attacks With ATTACK Simulator’s Security Awareness Training Program

Phishing attacks exploit emotions that make people vulnerable, such as trust or fear. Fear induced by the pandemic makes for a perfect context for phishers to act. The coronavirus isn’t going anywhere any time soon, and neither are the scammers, so the future of your company is in your hands.

This is why your employees are the weakest link in the chain and the most likely to be bombarded with phishing attempts. That is, until you educate them on lurking cyber threats.

We believe that mistakes are the best teachers, so the best way for your employees to learn to detect and prevent a phishing scam is to experience one hands-on. Therefore, your employees will be exposed to real-life simulations. The purpose of these simulated attacks is to help your staff develop efficient defense mechanisms and acquire valuable decision-making skills.

You’re in for some amazing stuff if you choose our Security Awareness Training program:

  • Automated attack simulation – we simulate all kinds of cyberattacks: phishing, malware, ransomware, spear-phishing, identity theft, online privacy attacks, online scams etc.
  • Real-life scenarios – we evaluate users’ vulnerability to giving company-related or personal data away using realistic web pages.
  • User behavior analysis – we gather user data and compile it in extensive reports to give you a detailed picture of your employees’ security awareness level.
  • Malicious file replicas – our emails contain malware file replicas, to make the simulation as realistic as it can be.
  • Interactive lessons – if employees fail to recognize our traps and fall into one, they will be redirected to landing pages with quick reads on the best security practices.
  • We impersonate popular brands on our simulated phishing pages – the user will be more tempted to click on the URL or open the attachment in the email.

Never leave till tomorrow that which you can do today. Chaos can strike at any moment and can cost you your entire business, so request your quote here and help your employees build better defenses against scammers.




Feature Image: Photo by Hakan Nural on Unsplash

by Diana Panduru
