
The “Get Your Vaccine Now!” Phishing Lure


Protect your organization and employees from scams looking to exploit uncertainty around the Covid-19 vaccine rollout.

Scammers often look to the headlines to gain inspiration for their next scam, and the vaccine’s rollout is no exception. As vaccine distribution plans evolve, scammers plot and launch schemes to cash in on fear and uncertainty. Last month the FBI issued a press release warning of the emerging fraud schemes related to the Covid-19 vaccine. While their warning covered a wide variety of schemes that will likely occur, there are several directly related to cybersecurity that organizations can take immediate steps to prevent.

We encourage all employees at all organizations to understand where they may stand in their state’s distribution plan. Additionally, individuals who are unsure of where they stand or have unique circumstances should speak with their medical professionals (or HR teams in some cases) to know what to expect as we proceed through this rollout. Armed with that information, employees will have an idea of who they will hear from and roughly when. In the meantime, everyone needs to understand that it is critical to stay away from invalid solicitations such as:

  • Requests to verify your social security number to secure a spot on a vaccine list
  • Offers to buy an appointment time
  • Offers to receive an expedited vaccine through the mail
  • “Click here to schedule” links
  • And more!

Now is a great time to remind ourselves and our teams that general cyber-safety rules are as important as ever:

  • Do not open attachments or click links within emails from senders you don’t recognize.
  • Do not provide your username, password, date of birth, social security number, financial data, or other personal information in response to an email or robocall.
  • Always verify the web address of legitimate websites and manually type them into your browser.
  • Check for misspellings or wrong domains within a link (for example, an address that should end in “.gov” ends in “.com” instead).

“Many of my clients ask, ‘What do I do if all efforts fail, and a phishing campaign successfully infiltrates my organization?’” explains Brian Page, Xiologix CTO. “This is a loaded question, as each organization is different based on policies, procedures, compliance, risk acceptance, and the type(s) of attack that follows. Outside of user training, the next best defense is to implement an Incident Response plan and ensure your SOC and NOC are trained to enact the procedures as defined by the organization. The Incident Response plan will clearly define who, what, and where to contain, eradicate, and restore an organization to a secure systems environment. Additionally, organizations will experience reduced downtime and risk of compromise as a result of these practices.”

Xiologix offers a full suite of cybersecurity solutions including everything from hardware and backup services to phish testing and managed services. Contact Xiologix for a complimentary consultation today.
