In the United Kingdom a previously unseen phishing campaign has been discovered focusing on UK residents that pretends to be National Health Service (NHS). The scam claim to provide recipients with the opportunity to register for a COVID-19 vaccination.

This is just one of many similar vaccine scams is to be uncovered in recent weeks. All are claiming to provide access to a vaccine in order to trick the recipient into sharing private information. From the first moments that SARS-CoV-2 virus began to be detected outside of China, hackers have been operating a wide variety of COVID-19 phishing scams. Now that the vaccine rollout is underway in the UK and worldwide, using the promise of an early vaccine as a lure it not a massive surprise.

In the most recent campaign, the sender’s address has been spoofed to make it look like the messages have been broadcast by the NHS, and NHS branding is included in the message. Recipients are informed that they have been chosen to receive the vaccine due to their family and medical history.

The lure appears authentic due to the fact that, in the UK, the majority of high-risk groups have already been vaccinated, and the NHS is now shifting into priority group 6, which is all those aged from 16-65 with an underlying medical condition. The NHS has also pleaded with people to remain patient and wait until they are contacted about the vaccine to arrange an appointment, which may be via email.

The NHS COVID-19 vaccine scam emails require the recipient to visit a hyperlink that brings them to a website where they are asked to hand over some information to confirm their identity. In this instance, the aim of the scam is not to steal credentials, but personal information including name, address, date of birth, and credit card information.

Phishing has become the main attack vector for many hacking collectives operations during the pandemic. One study points to growth of 667% in phishing as an attack vector, showing the extent to which hackers have amended their attack tactics during the pandemic. One study by Centrify shows the amount of phishing attacks had grown by 73% between March 2020 and September 2020.

Research made available by the ransomware response firm Coveware indicates that the amount of ransomware attacks using phishing as the infection vector increased sharpy in the final quarter of 2020, overtaking all other types of attack to become the main method of gaining access to business databases.

It is calculated that phishing attacks will go on rising during 2021 due to the simplicity at which they can be managed and the effectiveness of the campaigns. Attacks are also becoming more complex and more difficult for individuals to spot.

Spear phishing attacks that focus on specific companies and individuals are becoming much more popular. These campaigns include prior research, and the messages are tailored to increase the chance of a response.

With phishing so common, it is crucial for companies to see to it that they are properly safeguarded and have an email security solution in place that is capable to blocking these attacks.

Dual AV engines and sandboxing can prevent known and zero-day malware and ransomware threats, while machine learning technology and multiple threat intelligence feeds provides protection against current and emerging phishing campaigns.

SpamTitan greatly enhances protection for Microsoft Office 365 accounts, the log in details to which are highly sought after by phishers and offers companies excellent security from all email-based attacks at a very affordable cost.

If you wish to safeguard your inboxes and prevent more malicious emails, get in touch with TitanHQ for further details about SpamTitan.