Beware of COVID-19 Vaccine Phishing

Summary

As with other topics of national and global interest, threat actors are employing vaccine lures to convince potential victims to divulge sensitive or financial information, or open malicious links or attachments included in phishing emails. Several organizations, such as the Better Business Bureau, Food & Drug Administration, and security awareness training company KnowBe4, are warning users to be on the lookout for vaccine-themed scams and phishing emails with varying subject lines that may include references to a survey, information about vaccine coverage, locations to receive the vaccine, ways to reserve a vaccine, and vaccine requirements. Links and attachments included in these phishing campaigns may use brand spoofing and impersonate well-known and trusted entities. With many continuing to work from home, users may let their typical guards down and be more likely to take action on emails from unverified senders, particularly those dealing with measures that affect health and public safety.

Recommendations

The NJCCIC encourages users to educate themselves and others on current tactics employed by threat actors in order to reduce victimization. Users are advised to refrain from taking action on emails from unknown or unverified senders – including opening links or attachments, or divulging information. Look for signs of email spoofing and contact the sender via a separate means of communication to verify the email’s legitimacy. Review the NJCCIC post Don’t Take the Bait! Phishing and Other Social Engineering Attacks for more information on these tactics and recommendations to reduce victimization.