FBI Warns of COVID-19 Vaccine Fraud SchemesFraudsters Attempt to Steal Money, Personal Information
The warning issued this week included input from the U.S. Department of Health and Human Services Office of Inspector General and the Centers for Medicare and Medicaid Services.
The alert notes that scams may involve offers for early access to vaccines by paying in advance, requests for cash to receive a vaccine or to get added to a waiting list as well as offers to ship doses of the vaccine in exchange of money transfers.
"We continue to work diligently with law enforcement partners and the private sector to identify cyber threats and fraud in all forms," the FBI states.
Signs Of Scams
Earlier, the U.S. Justice Department announced that investigators had seized and shuttered two domains impersonating the pharmaceutical firms Moderna, which has begun shipping a COVID-19 vaccine, and Regeneron, which developed a treatment for COVID-19. The goal was to steal personal data (see: DOJ Seizes Fake Domains Impersonating Moderna, Regeneron).
Previously, the U.S. Cybersecurity and Infrastructure Security Agency, citing a report by IBM, warned organizations of a global phishing campaign targeting the cold storage and transport supply chain. Many vaccines in development must be kept at low temperatures before being administered (see: Phishing Campaign Targets COVID-19 'Cold Chain').
And Interpol recently of a potential surge in organized crime activity tied to COVID-19 vaccines. The alert followed a recent report of spikes in alleged cyberattacks by suspected North Korean hackers against companies working on vaccines and treatments (see: Interpol: Organized Crime to Capitalize on COVID-19 Vaccines).
"According to the Federal Trade Commission, well over 275,000 Americans have reported financial losses of over $211 million due to COVID-19-related scams,” says Rosa Smothers, a former CIA cyber threat analyst and now a senior vice president at security firm KnowBe4. “As long as social engineering is profitable … the public must remain vigilant when it comes to providing personal information to websites and links in unsolicited emails."
Earlier this week, researchers with Abnormal Security reported that cybercriminals are using the promise of a $600 pandemic relief payment in phishing emails that spoofed the New York State Department of Labor.