Cybercriminals look to cash in on the vaccine rollout, including by falsely offering to help people jump the line

The US Department of Treasury has added its voice to a growing chorus of warnings about ransomware attacks, fraud and other cybercrimes that attempt to exploit the rollout of COVID-19 vaccines.

“The Financial Crimes Enforcement Network (FinCEN) is issuing this Notice to alert financial institutions about the potential for fraud, ransomware attacks, or similar types of criminal activity related to COVID-19 vaccines and their distribution,” reads an alert by FinCEN, a bureau of the Treasury Department.

The warning notes that “cybercriminals, including ransomware operators, will continue to exploit the COVID-19 pandemic alongside legitimate efforts to develop, distribute, and administer vaccines”. With that in mind, FinCEN urged banks and other financial institutions to keep an eye out for ransomware targeting vaccine distribution and the supply chains required to manufacture the vaccines.

In recent months, pharmaceutical companies, vaccine researchers and organizations involved in vaccine storage and transport have all been targeted by multiple cyber-espionage groups. This includes a campaign by the Lazarus group leveraging malware that ESET researchers had linked to the group.

Jump to the front of the line? Hardly

FinCEN’s alert also highlights schemes that pitch non-existent vaccines or counterfeit versions of approved vaccines, as well as ploys involving illegally diverting legitimate vaccines onto black markets.

“Already, fraudsters have offered, for a fee, to provide potential victims with the vaccine sooner than permitted under the applicable vaccine distribution plan,” said the agency.

A number of other agencies, notably the Federal Bureau of Investigation (FBI) and the Federal Trade Commission (FTC), as well as Interpol and Europol, have all sounded the alarm over various flavors of vaccine-themed fraud, as well as over offers of counterfeit vaccines that circulate on the dark web.

Some of these activities take the form of phishing attacks that target the general public. Using emails, text messages and phone calls, con artists attempt to trick people into divulging their personal data under the guise of assessing their eligibility for the vaccine, joining fabricated waitlists or getting a jab early.

As of December 16th, the FTC had received 275,000 reports of fraud and identity theft related to the pandemic, with victims reporting total losses of US$211 million. Scams exploiting the general anxiety surrounding COVID-19 have spread as fast as the coronavirus itself; earlier this year, we looked at a broad array of such fraudulent schemes in a series of articles, starting with this one.

Over the months, coronavirus-themed fraud has involved everything from touting non-existent face masks, testing kits and miracle cures to extorting the targets, spewing out malware-laden emails, promoting fake donations, dispensing bogus health advice and disbursing bogus financial relief.

Staying safe

How can you stay safe while eagerly waiting your turn for vaccination? For starters, be wary of unsolicited communications offering early access to a vaccine, especially for a fee or in return for your personal data. Consult official sources for up-to-date information about vaccination and check with your known and trusted health care provider for additional guidance.

As ever, staying vigilant is the best way to avoid falling prey to a scam. Always avoid clicking on any links or downloading any attachments in emails or texts that come out of the blue from unknown sources. Use two-factor authentication at least on your most important online accounts, as well as reputable multi-layered security software with anti-phishing protection.