They're Here! COVID-19 Vaccine Phishes Finally Arrive

Eric Howes | Dec 9, 2020

Anticipating that media attention surrounding the development and distribution of COVID-19 vaccines would undoubtedly spur malicious actors to launch new vaccine-themed phishing campaigns, we recently announced the release of eight new simulated phishing templates for the KMSAT security awareness training platform. Now, just two weeks after that announcement (and on the very day that the UK launched its own mass vaccination program), the first real vaccine-themed phishing emails have arrived. Let's take a look.

The first one reported to us by customers using the Phish Alert Button (PAB) uses the very kind of social engineering scheme that we anticipated:

[Image: vaccine-personal-1a]

This email appears to be trying to exploit a very recent report in The Washington Post that Pfizer may not be able to supply additional doses of its vaccine to the United States in large volumes until sometime in Q2. Predictably enough, the link in the email body takes unwitting clickers to a credentials phish:

[Image: vaccine-personal-1b]

To be sure, the language used in the body of that malicious email is a bit stilted -- definitely not the effortlessly clear prose one would expect in a professionally written email of this type. But it will do.

As it turns out, this particular phish compares quite well with one of the eight simulated phishing templates we introduced two weeks ago:

[Image: template_ReserveYourVaccine-1]

The social engineering scheme in both emails exploits some of the basic questions and concerns that users and employees will have about the several vaccines currently on the cusp of widespread distribution:

1. How soon will a vaccine be available?
2. Will it be safe?
3. How can I get it?
4. When can I get it?
5. How much will it cost?
6. Should I get it?

Put very simply, this is pretty much what we expected.

Conclusion

Malicious actors had a field day back in March and April as the Coronavirus washed over countries around the world. It was and still is the perfect tool for social engineering scared, confused, and even downright paranoid end users into opening the door to your organization's network.

Nine months later, as an entirely predictable round of vaccine-themed phishing emails begins to land in your employees' inboxes, it is high time to get your users up to speed by stepping them through New-school Security Awareness Training and testing them with the vaccine-themed simulated phishing templates already available in KMSAT.

 
