A recent report from Barracuda alerted how threat actors were capitalizing on the vaccine distribution campaigns through phishing attacks. However, a new study from an online threat hunting company, BrandShield found alarming evidence that over 5,000 suspicious and fraudulent COVID-19 vaccine websites have already been registered in the first two months of 2021. This is a steep rise of up to 2100% as compared to October-November 2020.
BrandShield took up this study as a part of its collaboration with the Pharmaceutical Security Institute (PSI), a trade association of pharmaceutical manufacturers focused on patient safety. The analysis revealed that notable instances of fraud on these suspicious websites include organizations claiming to offer vials of brand name vaccines approved by the FDA.
What experts say…
Yoav Keren, Co-founder and CEO of BrandShield said,
Fraud preys on the vulnerable, and there’s never been a more universal global threat than COVID-19. This environment is especially dangerous for our aging population. They were already the most at risk of suffering from the pandemic and online fraud; but now, cybercriminals have combined the two, creating a potentially deadly situation. It’s a double-whammy and one that I hope to help avoid.
What we say…
This means threat actors are targeting the lesser-known and newly approved brands. As people have limited knowledge about these brands’ online identity and acronyms, it is easier to create and imitate a fraudulent website. Also, since there’s an observed surge in COVID-19 cases around the globe – an indication of a mighty second wave – people are rushing to get vaccinated from any brand available at the earliest. Threat actors are leveraging this very fear and anxiety among the masses.
Social Media: The Latest Threat Surface
Since December 2020, BrandShield has analyzed over 20,000 potentially fraudulent social media posts, users, and handles. The data shows that the popular photo-sharing social media app, Instagram, accounts for most of the threats detected. Twitter, and surprisingly Telegram, are tied for the second most popular platforms of choice for fraudsters, followed by Facebook in the third place.
Scammers have often used social media platforms to market themselves. They impersonate legitimate pharmaceutical companies or lie about being able to sell vaccines. Social media platforms are also being used to sell fraudulent vaccines or drive people to phishing sites that can either steal their money or credentials. Fraudsters also dupe their victims on social media by promising them the sale of a potentially banned product or move the scam offline through private messaging.
What we say…
This trend is even more serious. This means phishing is no longer limited to just emails and SMSes, but it has now been widely targeted at popular social media platforms too. Emails and SMSes are used generally by an older population. Whereas social media has largely been used by the tech-savvy and Generation Z. Threat actors are now interested in targeting the younger masses who seem to be more susceptible and easier targets as they tend to spend more than saving.
Time to keep a closer eye on Generation Z!
Note of Caution
In the U.S. and EU, the vaccines are available through state-approved vaccination locations. Any offer online, over the phone, or in-person to supply vaccines or to charge you any associated cost is a scam. If you spot an online scam, please immediately report the crime to the Federal Bureau of Investigation’s Internet Crime Complaint Center, which can be found here.