On Friday December 18th, the US DOJ seized two domain names that were claimed to be the sites of companies developing treatments for Covid-19.

The sites were really being used to
collect personal information of visitors and then use them for further phishing and malware attacks.

Don’t make the mistake of thinking there aren’t more fraudulent sites looking to steal your information or infect your computer.

Credential phishing emails use social engineering to exploit some of the basic questions and concerns that users and employees will have about the Covid-19 vaccines;
How soon will a vaccine be available?
Will it be safe?
How can I get it?
When can I get it?
How much will it cost?
Should I get it?

Credential thieves will promise to provide one or more answers to the above questions to tempt you to click the links and sign in or supply your personal information.
If you receive an email with links to answer the above questions, Think before you click!

Below is a screenshot of an actual phishing attempt using the Covid-19 vaccine to get users to click the link in the email and fill out a form.

If the user clicks on the link, they are taken to a fake site that is made to look like Adobe’s document cloud service asking you to login.

Once you sign in, the crooks get your login to use for other purposes. If you do have questions about the vaccine, don’t get them from an unsolicited email, text message or social media messaging apps.
Go to a trusted source directly, ask your medical professionals, or your County Health Department.
Think before you click!