According to researchers at IT company Barracuda Networks, the phishing and BEC attacks related to the vaccines for COVID-19, saw a 26% increase in just three months.
Η company analyzed the phishing emails received by organisations between October 2020 and January 2021.
What the researchers found is that the volume of spear-phishing attacks related to COVID-19 increased by 12% following the announcements of the Pfizer and Moderna on vaccines, in November 2020. The number of these attacks doubled by the end of January 2021.
This clearly shows how cyber criminals operate. The hackers modify their campaigns to suit the events and circumstances of each period. In this way, they increase the chances of a successful attack, since the users can be more easily fooled when they see a message about a serious and topical issue.
Unlike other companies, Barracuda Networks tracks the BEC attacks as a kind of spear-phishing. This kind of phishing, then, and the impersonation of a trade name were the most common types of phishing attacks the company detected during this period.
Regarding the impersonation of the name, hackers may be impersonating known health professionals and request information or drive them users on phishing sites that look like the sites of organisations promoting vaccines and treatments for COVID-19.
Barracuda Networks also identified BEC scams that attempted to trick recipients into making money transfers. For example, the criminals posing to victims as colleagues and asking for a sum of money to get the vaccine, or posing as human resources managers and asking for money for a batch of non-existent vaccines supposedly intended for workers.
The company's CTO, Fleming Shi, urged all employees to be careful with the emails they receive, as they may be phishing.
“Fraudsters also adapt their tactics to bypass gateways and spam filters, so it's important to have a purpose-built solution that uses machine learning to analyse communication patterns within your organisation so that it can identify anomalies that may indicate a attack ή Oversight an email", he added.
“Finally, the establishment strong domestic policies and the staff training on how to identify and report all attacks, not only those related to COVID-19 vaccines, are the most effective methods to strengthen defences“.
Source: Infosecurity Magazine
