With news of more and more people being vaccinated against the coronavirus daily, we’re optimistic that a return to “normal” life is on the (eventual) horizon. But, as the number of folks eligible for the vaccine rise, the number of phishing attacks against businesses and individuals in vaccine-related schemes are on the rise, too. But, armed with some security skills and a healthy dose of skepticism, you can protect yourself and your organization against this new breed of threats. We’ll tell you how.
A new strain of threat is hitting personal and company inboxes.
While we dream of hugging the ones that we love, smiling at strangers, and gathering around the ping pong table, the bad actors are dreaming up ways to take advantage of this moment. As word of vaccines becoming available locally began to circulate late last year phishing attempts related to the shots immediately rose 12% and the FBI warned people to be cautious of phishing schemes related to distribution of the COVID vaccine. Fast forward a few short months, and the average number of these attacks has risen 26% since October.
So, we figure that a little cybersecurity awareness booster shot is in order. And, the good news about this booster: it won’t hurt a bit!
There’s a fair share of these phishing attempts circulating personal inboxes, but the bad actors are going after businesses, too. Businesses who traditionally focus less on IT security are at the top of their hit lists, but these attempted breaches are happening across industries. With many companies eager to have their employees get vaccinated, organizations are reporting attacks on both employees and their HR departments.
How? Here are a couple of common narratives: To get at employees, the bad guys are posing as HR folks, asking them to transfer funds for a batch of vaccinations that have been reserved for employees. And to get at the HR people, they’re posing as employees who need “an urgent favor” (usually either money or personal information) while trying to get vaccinated.
Here’s 4 simple ways to ensure the information you’re getting is the real deal:
Here’s the kicker – many people are waiting on legitimate information from health authorities, and some from their employers, to know when and how they’ll be able to get vaccinated, which makes things confusing. If you’re planning on getting the vaccine, you don’t have to discount all vaccine-related info that comes through your inbox. Instead, use these tips to make sure that it’s the real deal:
- Be wary of strange senders – Let’s take that example we mentioned from above: you get an email from HR asking for information to get a vaccine for you. A couple of questions to ask yourself: Does the sender’s email address (including their domain) match the address they’d normally email you from? Have they asked you for this kind of info before? Does the writing in the message sound like them? Chances are that Jessica from HR has probably never emailed you from her Gmail account demanding your social security number. If the answer is no to any of these questions, it’s likely a scam.
- If you’re using a computer, preview links before you click – In most desktop programs, you can preview the destination of a link before you even click it. Simply hover over the link with your mouse to see where the link is trying to take you. In Outlook, the preview will appear directly above the hyperlinked text. In Google Chrome, you can see the preview in the bottom left corner of your browser window. If the preview looks suspicious (like if it’s not related to the content of the message, or it’s completely indecipherable), just don’t click it.
- Beware of ads, too – While malicious web advertisements are usually easier to spot, when you’ve waited a long time for something, they can be pretty appealing and convincing. In general, steer clear of clicking on anything advertising vaccines for sale. Save those precious advertising clicks for that trendy frying pan on Instagram.
- If you’re waiting info regarding your vaccine, register for updates from your local health authority or your doctor – Again, there are plenty of really good reasons why you would be waiting on info related to the COVID vaccine. One way to make sure the information that you’re getting is legit is to go straight to the source. You can sign up for eligibility alerts and find vaccine sites through the Oregon Health Authority or Washington State Department of Health. In some cases, you can even do this through your healthcare provider. Then you’ll know who you are expecting info from, and you can disregard the rest.
A little unlike COVID, as long as you’re careful, staying safe from vaccine scams is pretty simple. We’ve spent over a year now wearing our masks, washing our hands, and keeping a safe social distance in order to protect ourselves and those around us – We can stay protected against nasty scammers online, too!