Scammers are constantly searching for new ways to steal users’ data. Last year, a completely new category of opportunity became one of the most profitable scams for fraudsters. They extensively used COVID-19 related spam letters and phishing pages to benefit from the year’s most alarming and high-profile news story. According to a new Kaspersky report, “Spam and Phishing in Q1 2021” scammers are continuing to exploit this epidemiological challenge – this time, focusing on the vaccination process.
Kaspersky experts discovered various types of phishing pages distributed all over the world. As well as spam letters, recipients are invited to get a vaccine, to take part in a survey, or to diagnose COVID-19. For instance, some users from the UK received an email that appeared to come from the country’s National Health Service. The recipient was invited to be vaccinated, having first confirmed their desire to be vaccinated by following the link.
An example of a phishing email writing on behalf of the UK National Health Service
To make a vaccination appointment, the user had to fill in the form with their personal data, including bank card details. As a result, they handed their financial and personal data to the attackers.
Another way to gain access to users’ personal data has been through fake vaccination surveys. Scammers sent emails on behalf of large pharmaceutical companies producing COVID-19 vaccines, inviting the recipient to take part in a short survey.
An example of a fake email sent on behalf of vaccines producers
All participants were promised a gift for their participation in the survey. After answering the questions, the victim was redirected to a page with the “gift”. To receive the prize, users were asked to fill out a detailed form with personal information. In some cases, the attackers asked for payment of a token amount, for delivery.
Lastly, Kaspersky experts found spam letters offering services on behalf of Chinese manufacturers. The emails offered products to diagnose and treat the virus, but the emphasis was on the sale of vaccination syringes.
“In 2021, we saw a continuation of 2020 trends. Cybercriminals are still actively using the COVID-19 theme to entice potential victims. As coronavirus vaccination programs have been rolled out, spammers have adopted the process as bait. It is important to remember that though such offers may look very favorable, the likelihood of a successful deal is zero. The user can avoid losing data or, in some cases money if they remain vigilant to the supposed lucrative offers distributed online,” comments Tatyana Shcherbakova, a security expert at Kaspersky.
In order to avoid falling victim to a scam, Kaspersky also advises users:
- To be skeptical of any unusually generous offers and promotions
- To verify that messages are coming from reliable sources
- Not to follow links from suspicious emails, instant messages or social network communication
- To check the authenticity of websites they visit
- To install a security solution with up-to-date databases that include knowledge of the latest phishing and spam resources