Global cybercriminals are using the hysteria around vaccine rollout to lure unwitting users into potentially dangerous actions, according to Mimecast.
Mimecast researchers discovered the email campaigns, which appear to be official communications from HR departments and ask recipients to register for surveys, display fictitious vaccine schedules, or direct recipients to log into fake landing pages using their real login credentials.
“Anyone who makes the mistake of clicking on the links in these emails or uploading their real login information to the fake websites risks not only their own protection, but also the security of their entire organization,” says Brian Pinnock, Mimecast’s cybersecurity expert.
“This emphasizes the importance of conducting frequent cybersecurity awareness training to ensure that every employee understands how to recognize and, more importantly, prevent risky behavior.
This should be part of every security team’s defense in depth plan, which uses layers of security to prevent cyberattacks from infiltrating an organization, including ensuring a cyber-aware workforce.”
Mimecast advises people to stay alert and has put together a list of suggestions to help keep workers safe from this form of email-based attack:
- Be proactive: Get the information you need directly from your local government website/hospital, and presume that attackers can take advantage of the outage.
- Be wary of emails, phone calls, or text messages from people you don’t know attempting to get your attention with vaccine notifications.
- Always double-check your URLs.
- Hackers are impersonating official healthcare agencies and vaccine providers on the internet. Go straight to official government portals, such as the Department of Health’s.
- When creating an account, use clear and unique passwords for all of your accounts, and use MFA/2FA wherever possible.
- Don’t connect to networks you’re unfamiliar with. Use your secure home Wi-Fi network, which should be password-protected, to look up vaccine information.
- If you’re using a business-owned computer, be extra cautious: threat actors are looking for ways to gain access to the company you work for in order to steal data.
- Make sure your computer is up to date with the latest patches and updates.
- Keep an eye out for vishing (voice phishing) attempts and be wary of anyone who asks for your login information over the phone.
According to a recent Mimecast survey, 81 percent of UAE respondents had received specific work-from-home cybersecurity training, but 61 percent still admitted to opening suspicious emails.
“It revealed that there is a significant gap between preparation and effectiveness.
As countries carry out COVID-19 vaccines, interest in vaccine-related knowledge is at an all-time high, and cybercriminals see a golden opportunity to subvert user behavior in their attempts to compromise company networks, with monetary benefit the most likely goal,” Pinnock added.
Article Source: ITP