Positive COVID vaccine news could lead to an increase in email phishing

The news that the US authorities have approved a second COVID-19 vaccine is another step in the right direction for bringing the global virus under more manageable control. The Food and Drug Administration (FDA) authorised the use of the MRNA-1273 vaccine, produced by US-based Moderna.

It is likely that the distribution of the vaccine will begin within the US in the next few days, with the US Government agreeing to buy 200 million doses, whilst the UK has pre-ordered seven million doses. The vaccine is slightly different to the Pfizer vaccine, which began being administered in the UK last week as it can be stored at a higher temperature (-20c to -75c for the Pfizer one) which makes the logistical headaches of safe distribution and administration slightly easier.

So, what’s the issue? From an intellectual property point of view, there are inherent risks of fraudsters using the news and the impending availability to create campaigns that are designed to defraud unwitting potential recipients.

The vaccine, MRNA-1273 started off its life in China back in January and it was then shared with Moderna who have developed and trialled the vaccine since. There’s no surprise to learn that domain names, such as MRNA-1273.com, were registered back in January and have since laid dormant. The danger now is that they could become active and convincing looking websites built to fool unsuspecting victims.

The Moderna domain name portfolio doesn’t yet appear to feature domain names using the word “vaccine” or “mrna1273”. The danger of not securing relevant domain names, which will include TLDs such as .online, .help, .health or .store, means that cyber criminals can quickly create email campaigns that direct unsuspecting victims to authentic-looking websites that could be designed to capture personal, financial and health data from people.

To understand why cyber criminals will try to gain the trust of any victim in a vaccine scam you only have to know the value of our data. According to a report published by Trustwave, the value of a payment card on the dark web is around $5.40 whilst someone’s healthcare information can fetch up to $250, with data protection company Protenus suggesting a full record, including more personal information could fetch up to $1,000. To put this into context, the cost of registering a domain name is often less than $1, setting up a website takes an hour or so, whilst sending an email costs virtually nothing. It isn’t hard to see why these fraudulent email campaigns are still a major concern for us all.

It is great news that the pharmaceutical and drug companies have pulled out all the stops to create effective and safe vaccines that will benefit us all. Whilst they will have intellectual property and brand protection programmes in place, it also needs us all to be part of the solution and not give the cyber criminals the satisfaction, or the opportunity to profit, from our online activities.

If it goods too go to be true……

STOP PRESS: The US Department of Justice has already seized two domain names being used to fool people in thinking they were on a website belonging to Moderna. Don’t think this issue is going to go away any time soon!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s