As soon as the vaccination campaigns have started, cybercriminals are already trying to imitate them. Will the first British example be imitated in France?
Predictable, but effective: The authors of phishing campaigns are once again proving their ability to adapt their scam scenarios to the news. While Great Britain has started its vaccination campaign against Covid-19 just a few weeks ago and is experiencing the worst sequence of contamination since the start of the epidemic, the professional association Chartered Trading Standards Institute (CTSI) is already putting beware of the many scams that take advantage of the event.
The warning, relayed by the BBC, mentions in particular a phishing campaign by SMS. The hackers pose as the NHS, the British equivalent of Social Security, and offer their targets to fill out an online appointment form for a vaccine injection. The recipient would be “eligible” and would only have to give some details. Except that if the form in the colors of the NHS first asks for personal information, it then requires to enter his bank details, for purposes of “identity verification”. Unfortunately if the victim bites the deceit, his information will be sucked by the criminals, who can resell it or exploit it for financial gain. And besides, she still won’t have a vaccination appointment.
According to British radio, the phishing campaign is just one scheme of scams among others who take advantage of the health context to steal money from their victims. The authorities recall that public bodies will never ask for certain confidential information such as passwords or bank details. ” The vaccine brings hope of an end to the pandemic and lockdowns, but some only want to create more misery by scamming others. », Over Katherine Hart, director of the CTSI.
Prepare for the French version of phishings already
In France, the vaccination campaign is being organized more slowly, but you don’t need to be a diviner to anticipate waves of similar phishings. As BFM reports, making appointments for in vaccination centers will be entrusted to three specialized companies: Maiia, Keldoc, and the ogre of the Doctolib sector. BFM also specifies that a confirmation SMS will be sent after the appointment is made, while a follow-up email will be sent after the injections.
All of these communications are exchanges that could potentially be imitated by criminals to trap their victims. Moreover, the identity of Doctolib is already regularly usurped by thugs, who surf on the popularity of the appointment booking service. By sending a fake Doctolib email to lists of fraudulently retrieved email addresses, there is a good chance that a majority has already used the service, and therefore opens the message.
Phishings can range from the simple theft of information to the deployment of particularly virulent ones. Last month, Cyberwar explained how hackers imitated a government text message to highlight a fake Tous Anti Covid app, which contained powerful malware. Nothing prevents thugs from adapting these operations to the devices around the vaccine.
*The article has been translated based on the content of Numerama by cyberguerre.numerama.com. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!