New data from Barracuda Networks reveals that hackers are taking advantage of the heightened focus on the COVID-19 vaccine and are increasingly using vaccine-related emails in targeted spear-phishing attacks.

The findings, which were contained in the company's most recent Threat Spotlight, analyzed phishing emails between October 2020 and January 2021. The number of vaccine-related spear-phishing attacks increased by 12% immediately following vaccine availability announcements from Pfizer and Moderna in November 2020. However, by the end of January 2021, following the continued successful rollout of the vaccine, the average number of vaccine-related spear-phishing attacks was up 26% since October.

In the time frame analyzed, Barracuda observed spikes in vaccine-related phishing activity centered around new updates, announcements and ground-breaking approvals from around the world. Researchers concluded that this is due to mass phishing campaigns centered around spiking public interest towards the vaccine, in an effort from the perpetrators to improve the effectiveness of their phishing attack campaigns.

Barracuda researchers identified two predominant types of spear-phishing attacks using vaccine-related themes: brand impersonation and business email compromise.

The former is an email attack form which is used to impersonate a well known brand or organization and includes a link to a phishing website advertising early access to vaccines, offering vaccinations in exchange for a payment, or even impersonating health care professionals requesting personal information to check eligibility for a vaccine.

Business Email Compromise (BEC) attacks are instead used to impersonate individuals within an organization or their business partners. Barracuda observed that recently these highly targeted attacks turned to vaccine-related topics. Common examples include impersonating employees needing an urgent favor while they are getting a vaccine or an HR specialist advising that the organization has secured vaccines for their employees. 

As vaccine rollout continues to pick up pace in a handful of countries around the world, continued increases in fraud surrounding this area is expected to continue.