Security researchers have uncovered a new phishing campaign that uses the Covid-19 pandemic vaccine news to spread malware and Business Email Compromise (BEC) attacks. The attacks target people in businesses by pretending to be organizations involved in the manufacture of vaccines, the WHO, and DHL.
The themes used include the fear that a person has been in contact with someone infected, but also messaging about government vaccine approvals and economic recovery caused by the vaccine. There were also sign-up forms to receive the vaccine, information updates, and shipment delivery. All are based on phishing scams to steal user credentials.
The merger ploy
The BEC attacks had bogus merger/acquisition information and were sent directly to the senior executives in the organizations affected.
The attacks were first seen in early December 2019 by researchers. The emails all followed the theme that vaccines would ensure the world’s economy recovered. The email claimed to be from an exec asking the recipient to cooperate in a foreign company’s confidential acquisition.
The email continued to say that the moment was ripe to grab opportunities that lie in the midst of every crisis. This month alone, hackers sent hundreds of these messages over four days aimed at industries in Canada and the US.
A sense of urgency
The emails told the victims to click a link to confirm they had received their email to receive the vaccine. The goal of the campaign was to steal credentials used to login into Office 365.
The campaign was effective since it referenced the government approvals of vaccines and the plan to rush the process.
The messages aimed to stress out the individuals who received them to have less time to think about responses and click as told.