The rollouts of COVID-19 vaccines are steadily gaining speed, sparking hope that we may see the end of the pandemic and return to normal life sooner rather than later. This, however, has not escaped the notice of enterprising scammers who would like to cash in on the vaccine distribution effort by using fake offers and spewing out fraudulent emails.

Let’s dive in and look at some of the campaigns where cybercriminals attempt to relieve unsuspecting netizens of their personal information and money or spread baseless claims about the vaccines.

Fraudulent business offers

One common tactic involves offering various ways people could capitalize on the pandemic and vaccine rollout. These scams typically focus either on the COVID-19 vaccines themselves, or on the tech used to manufacture or store them.

In the first example below, the cybercriminal impersonates an employee of a pharmaceutical company, implying that it is somehow involved in the manufacturing efforts of the vaccines. To foster some degree of trust, the would-be con artist name-drops Whitman Laboratories, a real British pharmaceutical company that is not involved in such scurrilous behavior. Further, this scammer also opts for an encrypted email provider instead of the usual fraudster favorites Gmail or Hotmail.

Beyond these two points, the rest of the email bears all the hallmarks of a scam – it’s sparse on details, probably to prompt a reply, and has grammar mistakes and odd stylistic choices. It’s also worth noting that almost all COVID-19 vaccine sales negotiations are done directly between the manufacturers and governments, so a research assistant cold-calling potential buyers should raise doubt at the very least.

Meanwhile, the second example could be considered the polar opposite of the first. The fraudster behind this email purports to sell laboratory-grade freezing units, which some vaccines indeed do need so they don’t start to degrade. In this case, the scammers did their homework and went all out to make the email seem as plausible as possible, even going as far as to add a bit of marketing copy. On the one hand, the manufacturer does exist, it does have almost all the certificates claimed in the email, and in fact, does manufacture the advertised freezers in various sizes.

On the other hand, the classic staples of scams are clearly visible: the subject line is weird and misspells the name of the company, the greeting is general, impersonal, and commonly seen in some other familiar scam email realms; the email is riddled with grammar mistakes and lacks a signature. Besides, the product on offer focuses on a very niche market – these freezers are rarely found in a doctor’s office or even in most hospitals or drug stores.

Bogus COVID-19 payments

Another frequent tactic relies on posing as a health authority that is directly involved in battling the pandemic. The World Health Organization (WHO) has been among the most impersonated authorities in various COVID-19-related scam campaigns, with scammers – masquerading as WHO representatives and employees – trying to disseminate fake apps or pretending to offer important information.

However, the WHO is by no means the only authority being impersonated; in the following example, scammers pose as the United States Centers for Disease Control and Prevention (CDC). Here, the fraudsters actually get some of the information right – the CDC does indeed have an Emergency Operations Center and does have programs that work in tandem with public health partners. However, once you scrutinize the email further, the signs that a scam is afoot are more than evident. If you’re one of the CDC’s partners, you’re probably aware of its mission and don’t need a reminder, and if you haven’t been living under a rock you already know that several vaccines have already been developed, tested, and some have already been approved.

Beyond that, the formatting of the email is all over the place – it is riddled with typos and odd sentence structures, and most importantly: the message lacks details of why the partner should receive the hefty payment. One more thing that stands out is the name of the person reputedly in charge of the payment; while David W. Archey is a real agent who works for the Federal Bureau of Investigation (FBI), there is no reason why he should be the person in charge of delivering payments from another federal agency.

Conspiracy theories galore

As much as we’d like to deny the existence of conspiracy theories and hoaxes, the internet today is rife with them. If you look hard enough, you’d probably find viral falsehoods for pretty much any topic; currently, hoaxes surrounding the COVID-19 vaccines are at the forefront.

These also present an opportunity to spew out countless emails containing a slew of links that claim to reveal the “truth”, which usually consists of taking a piece of news or video and embellishing it to fit their narrative. Alternatively, a common tactic is taking what is said and misrepresenting, misquoting or framing it so that the “end product” sounds nothing like the original. All of this is done with the aim of producing shock value and convincing people to click on the links.

One such spam email uses a real interview with Bill Gates that is deceptively edited so that it misrepresents his views. It also disseminates various falsehoods that rely on baseless claims from various sources to “prove” its point, including videos that spread mistaken beliefs about the vaccines and are available both on YouTube and on a video hosting site that is particularly popular with extremists and purveyors of false stories.

To top it off, the email also references real chemical compounds and patents that are also freely searchable on the internet. Again, these are just used because they fit nicely into the narrative and are hoped to be intriguing enough to lure readers into clicking on the link.

Another email of the same ilk revolves around a new patent registered by Microsoft. This whole email is built around the number of the beast symbology coinciding with the publication number of the patent. But rest assured a quick search on the World Intellectual Property Organization’s (WIPO) IP portal reveals that what the Redmond-based tech giant patented is just a cryptocurrency system that uses body activity data. Neither of these emails are malicious, but they can be classified as internet hoaxes, so you don’t have to worry about any doomsday predictions just yet.

Not what the doctor ordered

These are just some of the examples of vaccine-themed scams that you might stumble upon and you can be sure that enterprising crooks will be doubling down on their efforts as the vaccine rollout continues. Also, given the rapid increase in new coronavirus variants, it would not be surprising to see that pop up in COVID-19-themed scams. One of the easiest ways you can stay safe is by using a reputable security solution that includes a spam filter. However, if you do receive an unsolicited email from someone you don’t know: always be extra vigilant and scrutinize it for telltale signs of a scam, including those described above.

Additionally, here are a few tips that will go a long way towards protecting you from various scam attempts:

  • Avoid clicking on links or downloading files that you received by email from a source you don’t know and cannot independently verify
  • If you received an email purportedly coming from an official organization, check their official website and contact them using their official contact information to determine that they really did send it to you
  • Look out for fraudulent business offers that seem too good to be true or offers from unverified senders
  • Use a reputable multi-layered security solution that includes protection against spam, phishing attempts and other threats