A new phishing scam has been detected targeting UK residents that spoofs the National Health Service (NHS) and offers recipients the opportunity to register to receive a COVID-19 vaccination. The NHS COVID-19 vaccine scam is one of several to be intercepted in recent weeks that offers the chance to get a vaccine, when in reality it will involve disclosing sensitive information.
Since the SARS-CoV-2 virus started spreading beyond the borders of China, scammers have been conducting a wide range of COVID-19 phishing scams. Now that the vaccine rollout is progressing in the UK and globally, using the promise of an early vaccine as a lure was to be expected.
In the latest campaign, the sender’s address has been spoofed to make it appear than the messages have been sent by the NHS, and NHS branding is used in the message body. Recipients are instructed that they have been selected to receive the vaccine based on their family and medical history.
The lure is plausible, as in the UK the most at-risk groups have mostly been vaccinated, and the NHS is now moving into priority group 6, which is all individuals aged 16 to 65 with an underlying medical condition. The NHS has also asked people to be patient and to wait until they are contacted about the vaccine to arrange an appointment, which may be via email.
The NHS COVID-19 vaccine scam emails require the recipient to click a link that directs them to a website where they are instructed to provide some information to confirm their identity. In this case, the aim of the scam is not to obtain credentials, but personal information including name, address, date of birth, and credit card details.
Phishing has become the attack vector of choice for many cybercriminal operations during the pandemic. One study indicates an increase of 667% in phishing as an attack vector, showing the extent to which cybercriminals have changed their attack tactics during the pandemic. One study by Centrify shows the number of phishing attacks had increased by 73% between March 2020 and September 2020.
Protect your MSP clients with the newest zero-day threat protection and intelligence against anti-phishing, business email compromise and zero-day attacks with PhishTitan.
Free Demo
Research published by the ransomware response firm Coveware shows that the volume of ransomware attacks using phishing as the infection vector increased sharpy in the final quarter of 2020, overtaking all other methods of attacks to become the main method of gaining access to business networks.
Phishing attacks are expected to continue to increase in 2021 due to the ease at which they can be conducted and the effectiveness of the campaigns. Attacks are also becoming more sophisticated and harder for employees to identify.
Spear phishing attacks that target certain companies and individuals are becoming much more prevalent. These campaigns involve prior research, and the messages are tailored to maximize the chance of a response.
With phishing so prevalent, it is vital for businesses to ensure they are sufficiently protected and have an email security solution installed that is capable to blocking these threats.
Dual AV engines and email sandboxing are capable of blocking known and zero-day malware and ransomware threats, while machine learning technology and multiple threat intelligence feeds provides protection against current and emerging phishing threats.
SpamTitan significantly improves protection for Microsoft Office 365 accounts, the credentials to which are highly sought after by phishers and offers businesses excellent protection from all email-based attacks at a very affordable price.
If you want to protect your inboxes and block more malicious emails, contact TitanHQ for more information about SpamTitan. The multi-award-winning antispam solution is also available on a free trial for you to see for yourself how effective it is and how easy it is to use.