A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY.
During this phishing campaign, which was active earlier this month, the fraudsters appeared to have used compromised email accounts to send realistic-looking emails to employees that purported to come from the targeted company's human resources department, according to INKY researchers. These messages contained a malicious PDF link that would take victims to a phishing page to harvest their Microsoft Outlook credentials.
In some cases, the fraudsters also looked to steal personally identifiable information, such as full name, birthdate and mailing address, according to the report.
Once the credentials were harvested, the victim was redirected to a Santa Clara County government website in California that provides COVID-19 information to the public, the INKY analysts note. This was designed to confuse the victims and draw attention away from the attack.
This particular phishing campaign was notable for using social engineering techniques concerning the spread of the COVID-19 Delta variant and how this phase of the pandemic might affect employees returning to offices in the fall (see: COVID 19: What Delta Variant Means to Business Recovery).
"By August, the Delta variant cast its pall over everyone's hopes for going back to normal. First, vaccinated workers felt nearly invulnerable," according to the report. "Then, breakthrough cases started making the news. This confusion was a perfect environment for black hats to introduce a new form of phish."
The INKY report notes that this particular campaign appeared in a limited number of employee inboxes - about 60 - and did not appear successful, although it's not clear whether the attacks are ongoing or have stopped.