Cyberattacks On COVID-19 Vaccine Are On The Rise: 4 Keys to Avoid Falling Into Them

On December 8, the United Kingdom became the first country in the world to start vaccination against the coronavirus



Since the approval of vaccines by the European Medicines Agency (EMA), everything related to them has become one of the most topical topics and, therefore, a lure for cybercriminals to try to lead to carry out their malicious attacks.


In the first days of December, IBM warned of an attack that was taking place through phishing and which was aimed at the Community Executive, the General Directorate of Taxation and Customs Union and the companies related to the logistics of transporting vaccines and the cold chain necessary for their transport. Even Europol, the European Police Agency, warned on December 4 of the possibility that organized crime would take advantage of the situation and "spread disinformation" about vaccines to "deceive" people and companies.


Subsequently, as the vaccination campaigns have started, the attempts have continued to spread. In the United States, the Financial Crimes Enforcement Network (FinCEN) has warned of ransomware attacks on medical facilities related to vaccines and has warned of the possibility of these being repeated to interrupt the supply chain of the same, as well as its deliveries.


In addition, they have warned of a possible phishing attack with fraudulent information about vaccines such as the sale of counterfeit versions of approved vaccines. Since early 2020, more than 200,000 Americans have been scammed of more than $145 million through pandemic-related fraud, according to the Federal Trade Commission (FTC). 


On the other hand, in the United Kingdom they have detected frauds through text messages posing as the British health system. Scammers take advantage of the start of the vaccination period to gain bank information. In these messages there is a link to a fake form that asks you to fill in the blanks with your personal information, including your credit card number; or they simply ask the recipient to reply to the message and that response costs a fortune.


Now that the vaccination has reached Spain, the experts from Entelgy Innotec Security, the cybersecurity division of Entelgy warn of the risk that these attack attempts will proliferate in our country and the importance of paying close attention to all communications (calls, emails emails, messages through apps or SMS) that they receive referring to the vaccine and add a series of tips to keep in mind:


  • It has no cost. In the case of our country, the vaccine has no cost, so the user should be suspicious of any message or request for personal information in which they ask the user for a payment.
  • Direct contact in the center. In the case of the elderly who are in the residences, they will be notified in the center itself, in addition to their relatives. In this case, residents must give their consent. In the case of dependents, the family members must deliver the signed consent at the center. Likewise, workers in public and private residences and health centers will be notified by the management of their respective centers. Finally, the elderly who live at home, and already within a phase 2 and 3, the Administration will contact them by phone. In case of doubt or suspicion, they should contact their health center or the corresponding health system.
  • Avoid phishing. It is about the impersonation of the identity of an official body to obtain personal and banking data of the user. Therefore, we must not open emails or text messages from unknown or unsolicited users and delete them directly, without answering. Do not click on hyperlinks or links as they can redirect us to a fraudulent website and never provide personal or banking information. 
  • Ransomware. This type of malware is being used by cybercriminals to attack doctors, researchers and institutions involved in the vaccination campaign and force them to pay in order to resume their activity. With this attack, cybercriminals block or encrypt the system and data until a ransom is paid. The access mode is similar to phishing. This type of cyber attack can also come through emails or text messages and the user must act in the same way. Not opening the file, not interacting with it by downloading files or accessing links that could be malicious are the key.

“Cybercriminals take advantage of the present to try to carry out their malicious actions. In this case, the vaccination campaigns that are being developed around the world were not going to be an exception, therefore, we recommend that users be very attentive to the possible communications they receive and that in case of any doubt they go to the official body that appropriate ”, states Enrique Domínguez, Strategy Director of Entelgy Innotec Security. 

This article is written by Aina Pou Rodriguez

Previous Post Next Post