While the year 2020 has finally come to a close, the COVID-19 pandemic has not ended with it. With the hope of the vaccines released by Oxford/AstraZeneca and Pfizer-BioNTech respectively, there is hope that the pandemic will soon come to an end. In the meantime, scammers are still using COVID-19 to scam people.
One of the ways that scammers will try to con you is by selling fake coronavirus vaccines on the internet. Back in December, our blog discussed that there were reports of cybercriminals claiming to be selling the COVID-19 vaccine on the dark web. Check Point has found that some vendors claiming to have access to unspecified COVID-19 vaccines are requesting up to $300 in cryptocurrency. An Interpol study found that out of a sample of 3,000 websites appearing to be selling dubious medicines and medical devices, roughly 1,700 contained threats including phishing code and malware. So not only could you end up even sicker from attempting to purchase a fake vaccine, but you could also end up with other problems such as malware on your devices, and even identity theft.
Additionally, phishing emails are still making the rounds, though the tactic has changed a little with the vaccines being available. These phishing emails will purport to be from some organization administering the vaccine and ask you to register yourself to ensure your place in line for a COVID-19 vaccine. For some, the scammers are looking for you to give up your PII (Personal Identifiable Information) and in others, they will be asking you for a registration fee. Scammers are already adept at impersonating the World Health Organization (WHO) and the Centre for Disease Control (CDC), so expect scammers to continue to impersonate these organizations, along with many other local health organizations.
Of course, phishing doesn’t just happen by email. The same scams work perfectly well by text message, or even in a phone call. So, how can you stay safe from these COVID-19 scams? You should treat any request for PII, whether made over the phone, via text, or email, very carefully. If you doubt that this is genuine, don’t give up any of your personal information. Instead, directly email or phone your local health provider, or check official websites for the latest information. In the same vein, local government officials will likely be handling the distribution of the vaccines. In Canada, the vaccines will be provided to Canadians free of charge, paid for by the Federal Government. The CBC news lists the rollout plan for each province here, but you can also contact your local government directly. There is absolutely no need to go to a third-party website to purchase a vaccine that will almost certainly be fake. You should also be careful of emails that seem "spammy" and try to elicit a panicked response. Don’t click on links or attachments in unsolicited emails as they could introduce malware or try to steal you PII.
So, now that you know what to do to prevent being scammed, make sure your staff knows too. With work from home (WFH) blurring the lines between personal use of computers and company use, you don’t want a staff member introducing malware onto your network. Ensuring your staff are cyber aware of these and other types of phishing scams will go a long way in protecting the integrity of your network. Need help, Uzado is here to help you train staff and protect your network.