Catches of the month: Phishing scams for January 2021

The start of 2021 is looking an awful lot like the end of 2020 – not least when it comes to cyber crime.

Scammers are as active now as they ever have been, so it’s essential that you remain vigilant in the post-Christmas period.

There have already been several warnings of new scams that people must be wary of, as we explain in this blog.

Don’t be fooled by vaccine scams

With millions of people across the UK set to receive COVID-19 vaccinations within the coming weeks, cyber security experts are warning people about related scams.

Researchers at Check Point and KnowBe4 have both spotted phishing campaigns exploiting the public’s uncertainty or eagerness to receive a vaccine.

Check Point’s threat intelligence teams found multiple scams that incorporate the topic in emails.

Many of them contain malicious attachments that install malware and, in some specific cases, keyloggers, which can be used to steal the victim’s data, including usernames and passwords.

Meanwhile, KnowBe4 spotted a scam exploiting a news report that claimed that the Pfizer/BioNTech vaccine might not reach the US in large volumes until the spring of 2021.

Oded Vanunu, the head of products vulnerabilities research at Check Point, noted that people can protect themselves by looking for the usual signs of phishing.

This includes:

  • Checking the sender’s email address to see if the domain is legitimate;
  • Seeing whether the destination address of attached links matches the context of the message; and
  • Looking for language designed to make you panic or act immediately.
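
The three checks above can also be applied automatically to a message. This is an added Python example, not code from the original post or from Check Point; the domain `example-university.ac.uk`, the phrase list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions (hypothetical values): the organisation's real domain and a short phrase list.
TRUSTED_DOMAINS = {"example-university.ac.uk"}
URGENCY = re.compile(r"\b(immediately|urgent|act now|within \d+ hours|suspended)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def is_trusted(host):
    # Exact match or a real subdomain only, so "trusted.tld.other.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_signs(raw_email):
    """Return the warning signs found in a single-part email."""
    msg = message_from_string(raw_email)
    body, findings = msg.get_payload(), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_trusted(sender):                       # check 1: sender's domain
        findings.append(f"sender domain not trusted: {sender}")
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:                     # check 2: where links really go
        if not is_trusted(urlparse(href).hostname):
            findings.append(f"link leads to untrusted destination: {href}")
    if URGENCY.search(msg.get("Subject", "")) or URGENCY.search(body):
        findings.append("language pressing for immediate action")  # check 3
    return findings

# Constructed sample message for illustration; not a captured email.
SAMPLE = """\
From: IT Service Desk <helpdesk@example-university.ac.uk.mail-check.example>
Subject: Confirm your password

<p>Reply immediately to keep your password: <a href="https://login.portal-check.example/o365">Sign in</a></p>
"""
```

Calling `phishing_signs(SAMPLE)` reports all three signs, including the sender address that only starts with the real domain name.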

Vanunu also recommends that you use two-factor authentication on accounts wherever possible. This prevents criminal hackers from taking control of your account with only your username and password.

You can find more tips on how to protect yourself from scam emails by reading our blog: 5 ways to detect a phishing email – with examples.

University students targeted by email scam

With universities open – virtually at least – for a new semester, cyber criminals are taking advantage.

Security firm Zix discovered a phishing campaign that impersonates university correspondence with the aim of getting students to hand over their Office 365 login details.

The scammers pose as a university’s IT department, asking students to respond if they want their university credentials to remain the same. If they don’t comply within a set deadline, they will supposedly need to create a new password.

Those who click an attached link are directed to a webpage that asks visitors to authenticate themselves by providing their login details – but they are instead handing this information over to the attacker.

The scam was first identified in October, but universities and students should be concerned about a spike in attacks in the new semester, particularly given the ongoing issues with lockdown rules in the UK.

Students could easily find themselves frozen out of their account and unable to visit the IT department in person to correct the problem.

Can you spot a scam?

Make sure your staff know how to identify and avoid scams with our Phishing Staff Awareness E-Learning Course.

This 45-minute course uses examples like the ones above to explain how phishing works, what to look out for and the steps you should take to avoid falling victim.
