The announcement of the availability of COVID-19 vaccines was probably one of the best pieces of news to conclude the year 2020.

As health agencies around the world begin the distribution and administration of the vaccines however, there has been an alarming rise in incidents of scams and misinformation about vaccine distribution globally.

Unsurprisingly, nefarious COVID-19 related schemes were already a problem even before news of vaccine distribution broke. Cisco Umbrella found phishing threats jumped 40 per cent between 2019 and 2020, driven partly by pandemic themes.

Recently, authorities in the US and UK have received numerous reports of malicious actors capitalizing on the public’s interest in COVID-19 vaccines to obtain personally identifiable information and money through various schemes.

These schemes often involve individuals posing as government or health officials offering early access to COVID-19 vaccines, or services helping consumers track when they may be eligible to receive the vaccine to steal their victim’s data, credentials, and identity.

Understanding social engineering attacks

Malicious actors frequently adapt their techniques and campaigns based on what is topical, and the news of vaccine distribution evidently became a hot target.

It is also becoming increasingly challenging to tell the difference between a scam and a legitimate email as attackers often socially engineer victims to willingly share credentials, and they are also employing increasingly sophisticated techniques in their schemes.

This is done through malicious sites and social media posts that appear to be legitimate, with clickable links that infect their phones and computers with malicious software that can steal personal information and credentials for financial gain.

They tend to use highly emotive language and persuasion tactics in phishing campaigns to manipulate users, to create a false sense of urgency and prey on people’s vulnerabilities.

With more users connecting to corporate networks from their personal devices amid the shift to  more hybrid work environments, such nefarious scams can also result in data breaches and ransomware attacks against companies.

Guarding against cyber threats

IT security teams can take active steps to boost monitoring for unusual access, make sure that all users update their systems regularly and start the journey towards a zero-trust security strategy to ensure secure, consistent and easy access across applications, devices and locations.

The creative and complex scams that we see today have also highlighted the importance of deploying an array of different security layers and building a holistic cybersecurity infrastructure.

This should include email security, DNS-layer security and endpoint security, among others, to ensure a robust and comprehensive defense against phishing attacks. Such a layered approach can reduce the number of cyber threats and lessen their impact when they do occur.

Furthermore, having an integrated security platform such as our own platform Cisco SecureX, which unifies all your security technologies, can significantly reduce attack response time by 85%, enabling security teams to maximize operational efficiency and visualize threats in half the time.

Employee education is crucial

Apart from strengthening security measures, employee awareness and training programs play an integral role in enabling users to recognize phishing emails and helping them stay vigilant against such scams.

After all, the weakest link in many cybersecurity defences is usually people and the human element will always be the most unpredictable variable to secure, which cybercriminals will seek to exploit.

To mitigate people-enabled losses, simulation exercises are key to assessing how employees respond to a staged phishing attack.

Cisco Secure Awareness Training provides flexibility and support for companies to effectively deploy phishing simulations that reflect real-life cyber threats and are integrated with awareness training and feedback to educate users to work smarter and safer.

Ultimately, the pandemic serves as a timely reminder for both users and businesses alike to stay on guard and adhere to good practices with digital devices, passwords and cybersecurity.

Remember – if it looks too good to be true, it probably is.


If you’re keen to learn more about email security, tune in to this short video to understand how you can protect both inbound and outbound messages as malicious actors continue using email as the #1 threat vector.