On Monday, December 28th, the United States Treasury’s Financial Crime Enforcement Network (FinCEN), sent a notice asking the financial sector to watch for and report COVID-19 vaccine fraud. FinCEN stated that the vaccine fraud may include the sale of unapproved and illegally marketed vaccines, the sale of counterfeit versions of approved vaccines, and illegal diversion of legitimate vaccines. Some criminals have already offered to provide the vaccine to individuals sooner for a fee. The notice also urged the financial sector to be on the lookout for ransomware attacks on distribution networks and the supply chains for the manufacture of vaccines. FinCEN detailed the proper procedures for reporting COVID-19 issues in the notice.
Binary Defense analysts have found some scams on Darknet sites that purport to offer COVID-19 immunizations in return for payment in Bitcoin. The pandemic continues to be a catalyst for ransomware campaigns, phishing attempts, and scams in 2020. Weekly COVID-19 related phishing attacks have gone from 5,000 in February, to more than 200,000 in April of 2020. To protect against phishing scams, it is important to educate employees about warning signs to look for and filter incoming email for potential threats, as well as keeping systems up to date with software patches and monitored for security events using EDR software. Protect online access to accounts using multi-factor authentication. Be on the lookout for addresses that attempt to obscure the domain portion of the URL and validate sources sending unknown links.