
Covid Vaccine Spear Phishing Attacks are on the Rise

Michael Behr



With scammers looking to take advantage of Covid-19 fears, it is important to maintain a healthy scepticism of vaccine-related emails.

As Covid-19 vaccines enter the market, the number of vaccine-related spear-phishing email attacks has risen with them, according to cybersecurity specialist Barracuda Networks.

In new research, the company found that between October 2020 and November 2020, the number of vaccine-related spear-phishing attacks increased by 12%, rising to 26% by the end of January 2021.

“As pharmaceutical companies rushed to develop and test vaccines, hackers rushed to leverage the momentum generated by news coverage in their phishing campaigns. The number of spear-phishing attacks targeting businesses peaked just as the first vaccines were being announced. They levelled off during the holidays,” Barracuda CTO Fleming Shi said in a blog post.

Attackers are using the sense of urgency, fear, and uncertainty as part of sophisticated social engineering attacks. These involve building trust between the attacker and the victim before taking action to steal their credentials or deliver malware.

Researchers at Barracuda warned that two predominant types of spear-phishing attacks have been using vaccine-related themes – brand impersonation and business email compromise.

Brand impersonation sees attackers mimic companies that the victim trusts. A typical phishing email includes a link to a phishing website advertising early access to vaccines or offering vaccinations in exchange for a payment. Some even impersonate health care professionals requesting personal information to check eligibility for a vaccine.

Business email compromise involves hijacking a business email account and imitating the owner. Barracuda warned that these attacks have emerged in recent years as one of the most damaging email threats, costing businesses over $26 billion.

Typical vaccine-related emails see attackers impersonating employees in urgent need of a favour while they are getting a vaccine, or an HR specialist advising that the organisation has secured vaccines for its employees.

Barracuda also warned that compromised accounts can be internal ones, with reconnaissance performed prior to an attack.

“More often than not, they use these legitimate accounts to send mass phishing and spam campaigns to as many individuals as possible before their activity is detected and they are locked out of an account,” warned Fleming.

As such, being sceptical of all vaccine-related emails is important to stay protected.


Attackers have become increasingly sophisticated as cybercrime offers growing rewards. Attacks increasingly involve more research, such as identifying potential targets beforehand, especially those with access to financial details.

In addition, advances in AI have given cybercriminals a powerful tool. Not only does AI help identify potential targets, but deepfake technology can also create convincing imitations of people’s voices out of very little data. A call from your ‘manager’ is more convincing than one from an unknown party.

Covid-19 and cybercrime have gone hand in hand. Cybercriminals have been quick to capitalise on the upheavals and uncertainties of the pandemic. As remote working isolates colleagues, upends conventional systems, and drives companies online and to the cloud, phishing attempts, cyberattacks and data breaches have grown. If there’s a way to make money from Covid, threat actors will do it.

Recent research discovered that fake Covid vaccines were being offered on the dark web, at a time when major pharmaceutical companies were just getting legitimate vaccines approved.

In addition, hackers, many thought to be state-backed, have been targeting vaccine research and distribution networks, either to steal vital information or to disrupt a country’s vaccination programme.

Join the Debate: ScotSecure 2021

The effect of the coronavirus pandemic on cybersecurity will be a key area of discussion at the upcoming ScotSecure Cybersecurity Conference on March 24-25th.

Hear from leading experts from across the cybersecurity sector and explore the crucial issues.


Michael Behr

Senior Staff Writer
