Malicious Cyber Activity Related to the COVID-19 Vaccine

Summary

Throughout the COVID-19 pandemic, cyber threat actors have capitalized on global interest surrounding the virus to target users. Early in 2020, thousands of website domains related to COVID-19 were registered, and many of these websites were subsequently used to host malware and for other fraudulent activity. Phishing emails using COVID-19 lures have also been sent to users in an attempt to convince the recipient to divulge sensitive or financial information, or open malicious links or attachments. These same tactics continue to be employed, now with COVID-19 vaccine themes and lures. COVID-19 vaccine-themed phishing emails may include subject lines that make reference to vaccine registration, information about vaccine coverage, locations to receive the vaccine, ways to reserve a vaccine, and vaccine requirements. Links and attachments included in various phishing campaigns may employ brand spoofing and impersonate well-known and trusted entities, such as government agencies, healthcare providers, or pharmaceutical companies.

One email campaign targeting New Jersey state employees impersonated the Centers for Disease Control and Prevention (CDC) and requested the recipient to click on the included link in order to view a secured message to complete a count for COVID-19 vaccines. The link directs the user to a webpage that attempts to collect personally identifiable information (PII), including name, address, date of birth, driver’s license number, phone number, and email address.

In addition, as many become impatient and more desperate to receive a COVID-19 vaccine, advertisements for supposed “legitimate” vaccines have appeared on dark web marketplaces. As Europol notes in their Public Information report, these will be ineffective at best and toxic at worst. Users are advised to only receive vaccines from authorized entities. Operation Stolen Promise , launched by US Immigration and Custom Enforcement (ICE), provides information regarding fraudulent and criminal activity related to COVID-19, including the illicit sale and distribution of counterfeit or unauthorized vaccines and treatment.

Misinformation and disinformation regarding COVID-19 vaccines are already circulating, particularly on social media platforms, and will likely continue for the foreseeable future. It is imperative to only seek out vaccine information from official sources, such as the Centers for Disease Control and Prevention, World Health Organization, or your healthcare provider. The New Jersey Office of Homeland Security and Preparedness manages the COVID-19 Rumor Control and Disinformation web page to provide users with accurate information related to COVID-19.

Recommendations

We encourage users to educate themselves and others on current tactics employed by threat actors in order to reduce victimization. Users are advised to refrain from taking action on emails from unknown or unverified senders – including opening links or attachments, or divulging information – and verify emails that appear to be sent from known entities. Look for signs of email spoofing and contact the sender via a separate means of communication to verify an email’s legitimacy. Additionally, refrain from submitting personal or financial information into unverified websites. The Federal Trade Commission ( FTC), Food and Drug Administration (FDA), and Federal Emergency Management Agency (FEMA) provide additional information regarding recent malicious cyber threat activity related to the COVID-19 vaccine.