According to a new Kaspersky report, “Spam and Phishing in Q1 2021” scammers continue to exploit the interest in COVID-19 vaccine with governments accelerating the inoculation process.
Kaspersky researchers discovered various types of phishing pages distributed all over the world as well as spam letters wherein recipients are invited to get a vaccine, or to take part in a survey. The cybersecurity firm said some users from the United Kingdom received an email that appeared to come from the country’s National Health Service. The recipient was invited to be vaccinated, having first confirmed their desire to be vaccinated by following the link.
To make a vaccination appointment, the user had to fill out a form with personal data, including bank card details. As a result, the victim handed their financial and personal data to the attackers.
Kaspersky discovers selling of COVID-19 vaccines, vaccination records in the Darknet
Kaspersky reveals Lazarus APT group targets vaccine research
“In 2021, we saw a continuation of 2020 trends. Cybercriminals are still actively using the COVID-19 theme to entice potential victims,” said Tatyana Shcherbakova, a security expert at Kaspersky. “As coronavirus vaccination programs have been rolled out, spammers have adopted the process as bait. It is important to remember that though such offers may look very favorable, the likelihood of a successful deal is zero. The user can avoid losing data or, in some cases money if they remain vigilant to the supposed lucrative offers distributed online,”
Vaccination survey
Another way to gain access to users’ personal data has been through fake vaccination surveys. Scammers sent emails supposedly on behalf of large pharmaceutical companies producing COVID-19 vaccines, inviting the recipient to take part in a short survey. All participants were promised a gift for their participation in the survey. After answering the questions, the victims were redirected to a page with the “gift.” To receive the prize, users were asked to fill out a detailed form with personal information. In some cases, the attackers asked for payment of a token amount, for delivery.
Lastly, Kaspersky experts found spam letters offering services on behalf of Chinese manufacturers. The emails offered products to diagnose and treat the virus, but the emphasis was on the sale of vaccination syringes.
In order to avoid falling victim to a scam, Kaspersky advises users:
- To be skeptical of any unusually generous offers and promotions
- To verify that messages are coming from reliable sources
- Not to follow links from suspicious emails, instant messages, or social network communication
- To check the authenticity of websites they visit
- To install a security solution with up-to-date databases that include knowledge of the latest phishing and spam resources