Two security firms, Check Point and KnowBe4, have alerted the world to a growth in phishing campaigns that use a Covid-19 vaccine as a ruse.
It finally happened: hackers are using promises of Covid-19 vaccines to steal your information. There is a notable increase in alleged dark web vaccine advertisements in the past few days according to published research from Check Point and KnowBe4.
One particular phishing example is an email promising access to COVID-19 vaccines that, in fact, provide access to the Agent Tesla keylogger access trojan (Rat).
Phishing generally presents an authentic-looking website that then steals information from a user as they log-in. Other scams are as simple as asking a user to do business over WhatsApp or Telegram, promising prescription pills in addition to COVID-19 vaccines.
A more sophisticated hacking scam exploits data stolen from the Pfizer/BioNTech vaccine to scare users into giving up their credentials.
Eric Howes of KnowBe4 said that scare tactics were a major part of these new scams. He said scammers preyed on the insecurity of users by asking these questions:
- How soon will a vaccine be available?
- Will it be safe?
- How can I get it?
- When can I get it?
- How much will it cost?
- Should I get it?
Keeping Safe from COVID-19 Scammers
Users should be wary of any vaccine products, warns Oded Vanunu of Check Point. He said that people naturally seek out vaccines and information on the internet, but these searches could lead to criminals on the dark web.
Ways to avoid being scammed include checking email addresses before clicking links and being aware of hyperlinks that contain misspelled domain names or words. Anything with highly manipulative and emotional/alarmist language was also a warning sign.
Rather than clicking on links, users can look for companies on Google to ensure they are using legitimate URLs. In general, it’s a good idea to never give out login information in response to an email.
Vanunu also suggested users use two-factor authentication and check their financial accounts regularly.
Vaccines for Sale!
“Vendors” also claim to sell vaccines on the dark web. One scammer appeared to be selling Pfizer/BioNTech vaccines for $250 a pop. Considering these vaccines need to be colder than the arctic to remain viable, the chances the ads are authentic is likely to be zero.
Some researchers have probed scammers to prepare for a phony sale. With one supposed supplier, vaccines were on offer for ₿0.01 a piece. These vaccines were not specified by brand and claimed 14 doses to function. The same seller also had the allegedly ineffective hydroxychloroquine for sale.
Over 1,062 new potentially malicious domains related to vaccines were registered in November 2020.
With the onslaught of potential scamming that comes with a desperation for normalcy, users must be careful. Medicine should only come from legitimate vendors and prescribed by real health professionals.
Never give away your login information or credentials if you suspect anything. On the web, if it sounds too good to be true, it probably is.