Forewarned is forearmed: learn about the common phishing schemes during the vaccination and tax time
Hackers always exploit crises and special events as prime time for their scams. This spring, the cybersecurity landscape is expected to be vulnerable as never before, since Americans are on the threshold of two significant events at once: Covid-19 vaccination and tax time. Furthermore, the United States, like the rest of the world, is still in pandemic working mode, which means additional opportunities for threat actors. Cybercriminals are taking advantage of the increased security vulnerabilities arising from the vaccination rush, remote working, and tax time to generate profits and cause disruptions.
Taking advantage of people’s anxiety and the economic downturn during the pandemic, cybercriminals have enhanced their tactics by using COVID-19 as a basis for their attacks. The ongoing vaccination and tax time have contributed to the number of security incidents. There are multiple ways of committing fraud, stealing credentials, and distributing malware, but phishing is among the most common and acute ones. Phishing is a cyber-attack that uses disguised emails as a weapon to trick the recipient into believing that the message is something they expected or needed. In the context of this blog post, such emails contain information regarding vaccination, tax returns, or general Covid-related questions.
According to the F5 Security Operations Center (F5 SOC), the number of phishing incidents in 2020 rose to 15% as compared to 2019. It is also reported that half of all data breaches in the US occurred due to failures at the access control layers, including credential theft, phishing, and login attempts. According to the Interpol Covid-19 Cybercrime Analysis Report, phishing is the major Covid-related cyberthreat worldwide (58% of cases). Malware, with 36% of cases, is in second place. Malicious domains (22%) and fake news (14%) are in third and fourth place respectively. Around two-thirds of respondents reported significant use of COVID-related themes for phishing and online fraud.
The ongoing vaccination is especially exploited by threat actors, since the rush around it often prompts people to make hasty decisions and, as a result, become victims of cyberattacks. Tax season is one more opportunity that hackers strive to take advantage of. Escalation of vaccination and tax-themed scams is therefore expected through the spring, as the ongoing pandemic mode has offered threat actors new ways to manipulate potential victims.
To maximize financial gains and cause more substantial disruptions, cybercriminals are actively shifting their targets from individuals and small businesses to big corporations, governments, and critical infrastructure. The pandemic-caused remote working mode makes it easier for scammers to deploy remote systems, networks, and applications.
Here are the main targets of phishing attacks in light of the ongoing vaccination and tax time as well as the overall COVID-related environment:
Employees. As many companies practice teleworking due to the Covid-19 pandemic, cybercriminals are increasingly targeting workers of corporations, governments, and critical infrastructure. Sending phishing emails upstream, hackers try to gain control through remote access to corporate networks, steal sensitive information, and then use it for their profit.
Tax Professionals. In the period of active tax returns, tax professionals become common targets of hackers. Criminals steal clients’ data to file fraudulent tax returns, using emails that trick tax professionals into giving up passwords, stealing EFINs or CAF numbers, and taking remote control of the corporate systems.
Taxpayers. Taxpayers are common targets of scammers who send phishing emails impersonating the IRS regarding tax returns, owing, or refunds.
Unemployed. Millions of Americans lost their jobs due to the 2020 pandemic and are receiving unemployment support from government agencies. However, this uneasy situation is often exploited by hackers filing for fraudulent unemployment benefits.
Those Who Are Awaiting Vaccination. People who expect to be vaccinated are also targets of opportunity for scammers, who send phishing emails asking them to pay for the vaccine or offering to put them on a waiting list. In this way, they trick the recipient into providing their healthcare insurance and credit card information.
To avoid vaccine-related scams, organizations and individuals are encouraged to get information from reliable sources only. These include the FBI, the Federal Trade Commission (FTC), the US Department of Health and Human Services (HHS), Centers for Disease Control and Prevention (CDCP) of the local communities. As vaccination plans may vary across states, it is reasonable to check with local health departments to learn the necessary details about the COVID-19 vaccination. Organizations should be aware of any changes and updates related to vaccination and help their employees and clients stay away from scams. Below we provide some common examples of phishing scams that are widely used during the vaccination period.
All suggestions or requests to pay or provide private information to receive the Covid-19 vaccine are illegitimate. You do not need to pay to receive it. Remember that authorized vaccination sites such as hospitals, pharmacies, or mass vaccination hubs are the only places that provide vaccination.
Be aware that no health department or vaccination site would charge money for vaccination ahead of schedule. It is not uncommon for hackers to send unsolicited texts offering users access to the vaccine regardless of their position in the vaccination schedule. If you receive such an offer, just ignore it.
None of the authorized health departments or vaccination sites will ask for payment to be put on a waiting list. Waiting lists exist, but they are generally prepared for seniors who are eligible to receive their vaccines but haven’t been able to get an appointment.
Before scheduling a vaccine appointment, find out which platforms (if any) are used in your state or county. Avoid registering through sites unaffiliated with your health department if you are not sure which platform is used in your state or county. There are several platforms (the most common is Eventbrite) used for scheduling vaccination appointments, but such ambiguity has made it easier for scammers to cash in.
An email with such content is a scam because the only places where individuals can get vaccines are authorized vaccination sites.
Remember, neither an antibody test nor a Covid-19 test is necessary to receive the Covid vaccine. Emails offering additional tests for purchase before vaccination are scams.
Due to the above and other variations of COVID-related scams, Americans have lost over $370M over the last year, as the FTC reports. The Commission received over 384,093 consumer reports from January 2020 through March 2021. People reported fraud (208,062), identity theft (57,559), and other kinds of scams (107,670). The most common victims were active network users aged 30-39 (16,071) and 40-49 (14,864).
To help deal with phishing emails and other kinds of vaccine-related scams, and to prevent others from becoming victims of cyberattacks, report a suspected scam to WHO, FTC, HHS, or other agencies and organizations.
Many people have lost millions of dollars and disclosed their personal information due to tax scams. Phishing emails impersonating the Internal Revenue Service (IRS) are commonly used in tax scam schemes. However, the IRS never initiates contact with taxpayers by text messages, emails, or social media channels to request personal or financial information. The security company Norton has identified four types of tax scams that individuals and businesses should be wary of while preparing to file their taxes.
Phishing emails of this kind usually claim to be from the IRS, although they have nothing to do with the agency. They usually state that the recipient’s tax return is restricted. Emails impersonating TurboTax, a popular tax preparation software, are also a widespread scam, claiming that the recipient’s TurboTax account is locked. Both kinds of scams aim to convince users to click on a link and submit their personal information to unlock their accounts or tax returns.
Phishing emails with such content request recipients to update their tax information. Most of them contain a link or HTML attachment to a fake site that captures personally identifiable information and sends it to criminals.
Cybercriminals often send out emails claiming that tax payments were automatically deducted from the recipient’s bank account. As a reference for the deduction, they attach a “receipt”. After opening it, the recipient finds that it is a malicious file, detected by anti-malware tools as W32.Golroted, which then deploys on the user’s computer system.
Beware of emails informing you that you are eligible for a tax refund. They do not suggest opening a file or clicking a malicious link but ask you to prove your identity to “confirm” the refund. The email requests that the recipient provide documents including a copy of a passport, a utility bill, a bank statement, or a credit card statement. It is not hard to guess what happens next. Having obtained the personal information of a trusting recipient, hackers misuse it for their profit.
More than 89,000 Americans reported tax scams in 2020, according to the FTC. Identity theft was the most reported type of scam and occurred predominantly through phishing emails. To report a tax-related scam, please visit the IRS, FTC, or other related organizations.
To stay safe from cybercrime amid COVID-19 vaccination and tax time remember the following simple rules: