The race to develop a viable COVID-19 vaccine is creating opportunities for cyber attackers.
“Nation states or certain organizations are targeting vaccine researchers and overwhelmingly the vectors that we're seeing are still email-based, so that that continues to be the biggest concern,” said Mark Ostrowski with Check Point Software.
The security company says coronavirus-related cyber attacks are down since the summer, but the number of malicious websites related to COVID-19 vaccines is up.
The warnings were reiterated Wednesday by French-based international policing agency Interpol, which issued a global alert that organized crime groups may be attempting to sell stolen vaccines or set up scams with the promise of vaccines.
So-called "threat actors" are sending out vaccine-related email phishing campaigns. A recent one had the email subject: "Urgent information letter: COVID-19 new approved vaccines."
“So, what I would really warn folks is that if you receive an email that contains a vaccine sort of sensational type of subject in the email itself, and then there's an attachment, and the attachment is either an executable or office document, those are things that you want to watch out for,” said Ostrowski.
People who opened that document in the phishing email actually had a way to steal usernames and passwords.
You should only get your vaccine-related information from trusted news or government websites, not your inbox.
“This is just the next thing, right. So, every time there's a new announcement, that specific subject, that specific entity, that's tied to say a vaccine is what's going to become the next target, right. So, these threat actors are very, very closely monitoring the global pandemic and then using those moments to quickly make and adjust their attack methods.”