As the pandemic continues, so do scams related to it attempting to trick vulnerable citizens with offers that promise relief, but only deliver harm. Recently with the vaccines beginning their rollout, researchers are finding numerous scams related to them. Offers like secret early release lists, vials of the vaccine for sale for $110 to $1,500 per vial, and people posing as scientists and researchers asking for donations. Recorded Future tracked new domain name registrations with the combination of “vaccine” and “COVID-19” or “Coronavirus” and said they nearly doubled from October to November. They stated many domains were just useless or used for advertising, but a lot of them would also end up being used for phishing pages.
As long as the pandemic continues, it is likely scam efforts related to it will as well. The US Department of Health and Human Services (HHS) as well as the companies behind the creation of the vaccines have been working together to make sure their labels and other packaging cannot be recreated and used in scams. Anyone who may discover vaccine-related scams is asked to report them. If a contact at the HHS or FBI can’t be found, report it to a local health department. Enterprise defenders should use DNS logs to detect when employees have visited websites with suspicious domain names related to the pandemic, and if an employee is found to have visited a phishing page, their password should be reset, and authentication logs should be examined to find any suspicious login events.
A recent list of suspicious COVID-19 related domain names used in phishing campaigns can be found here: https://otx.alienvault.com/pulse/5ff277daba4d6b4fd57e1b60