Email Security Blog

Vaccine Related Phishing Scams

More than a year after the COVID-19 pandemic began, fear and anxiety continue to dominate the lives of many. Spikes in COVID-19 cases, isolation, social distancing, financial stress, job uncertainty, mutated virus strains, and vaccine worries are all to blame. It’s a frightening list. And while many cities are reporting a sharp decrease in property crime, there is one group of thieves that seems to be working overtime. Cybercriminals.


Global losses from cybercrime in 2020 are projected to reach upwards of $1 trillion. That same projection places losses at an unprecedented $945 billion — almost twice that of 2018.[1] The steep rise in these numbers can easily be attributed to the coronavirus. Since the pandemic began, hackers have preyed on the insecurities and fears of the public to create phishing scams that work. The latest phishing threat theme has been COVID-19 vaccines.

The Federal Bureau of Investigation (FBI), Department of Health and Human Services Office of Inspector General (HHS-OIG), and Centers for Medicare & Medicaid Services (CMS) have received numerous complaints of cybercriminals leveraging the COVID-19 vaccination in order to create phishing scams and similar nefarious schemes that trick victims into giving up personal information and funds.[2] Companies that are speaking with employees about COVID-19 vaccinations are also being targeted by cybercriminals. In fact, healthcare, education or supply chain organizations should expect to see phishing scams come their way that could set them up for data breaches, ransomware attacks, spear phishing or Business Email Compromise (BEC) schemes, and more.

Some of the phishing threats the FBI has warned about include [2]:

  • Marketers offering to sell and/or ship doses of a vaccine, domestically or internationally, in exchange for payment of a deposit or fee
  • Companies or individuals claiming to be from a medical office, insurance company, or COVID-19 vaccine center
  • Requests asking you to pay out of pocket to obtain the vaccine or to put names on a COVID-19 vaccine waiting list
  • Claims of FDA approval for a vaccine

It will come as no surprise that vaccine related phishing scams are not limited to the United States. The European Medicines Agency (EMA) announced in January that following a cyberattack they experienced in December, COVID-19 vaccine data that had been stolen was being manipulated and leaked out onto the internet “in a way which could undermine trust in vaccines.”

In November 2020, Microsoft announced that hackers backed by Russia and North Korea were targeting companies involved in the development of COVID-19 vaccines. Seven companies were targeted in the U.S., Canada, France, India, and South Korea. While Microsoft successfully blocked some of these hacking attempts, others slipped by their systems. Three hacker groups were blamed for the attacks. Two of the three groups of cybercriminals used sophisticated spear phishing emails. One group posed as recruiters and the other disguised themselves as representatives from the World Health Organization in their spear phishing plot. The third group of hackers used password spraying attacks, which involve targeting a large group of username accounts and gaining access by trying a few commonly used passwords.

Even with all of this information, more than half of 1,500 organizations surveyed said they lack the plans to prevent and respond to cybercrime.[1] If you find yourself among the unprepared, the sooner you make a change, the safer you (and your company’s revenue) will be.

An award-winning cloud-based email security software, INKY recognizes phishing emails that the human eye could never see. Driven by computer vision, machine learning, and artificial intelligence, INKY blocks malicious emails, many of which your secure email gateways (SEGs) and virus protection software programs can’t detect. In many ways, a subtle form of training is baked into every email protected by INKY’s anti-phishing capabilities. It comes in the form of a simple banner that alerts readers of dangerous and suspicious emails.

INKY integrates seamlessly with any email platform. IT departments love INKY’s reporting features, which allow administrators to review phishing threats that have been identified and see how employees are handling them. You can even conduct your own phishing simulations.

If you’d like to learn more about the phishing threats facing your company and how best to protect it, a great first step is to schedule a demonstration.
