Researchers have confirmed that the COVID-19 Moderna and Pfizer phishing campaigns are still active, but there is also a new variant leveraging the Johnson & Johnson vaccine. The scam prompts recipients to take a fake survey for vaccine research, promising a reward in exchange with a minimum value of $90.
This is likely just the tip of the iceberg as the demand for vaccines continues to exceed the supply. Other ‘topical’ subjects are also in the targets of fraudsters, such as those in debt or who have concerns about being able to pay their taxes (especially as the payments deadline in the U.S. has been extended).
Fraudsters are very quick to adapt their tactics to take advantage of circumstances, and are now trying email as a way to fool people.
The startup Vade Secure has discovered 4 million phishing emails targeting individuals with tax debt, plus an additional 1 million fraudulent emails tied to the Moderna and Pfizer vaccines in just three days.
Sebastien Goutal, Chief Science Officer at Vade, tells Digital Journal in an email that it is very likely the seized information from those that fall prey to the financial driven attacks is being sold to companies who offer services for individuals who own tax money (legal services, loan services and more).
Despite the newsworthy or emotionally driven hook of the campaigns, Vade has found that hackers are consistently using techniques to bypass filters, such as remote images that contain the text/images, lookalike letters and link redirections.
Furthermore, some hackers are even combining tactics and getting more strategic by using a pairing of events, for example Sebastien has seen the use of forthcoming COVID-19 relief payments to target end users.