WA-phishing-LATA_blog-1200x600

1 minute read

Takeaways in this post:
  • Messaging apps like WhatsApp are being used to send COVID-19 vaccine-themed phishing messages in Latin America.
  • Many COVID-19 related themed attacks utilize recent news developments to lure in victims to their scheme.
  • Schemes target individuals for direct money transfers, PII, and account credentials and use various lures and methods.
 

SafeGuard Cyber has received reports that messaging apps like WhatsApp are currently being utilized by criminal actors to send COVID-19 vaccine-themed phishing messages to individuals in Latin America. While we have not captured any of these messaging application-based attacks targeting US citizens yet, we believe that messaging applications will be used to deliver these phishing lures in the near future if they are not being used to do so already.

Early this January, as the vaccines were starting to be administered, there was a spike in email, SMS, and telephone-based vaccine-themed phishing attacks in the US. These, and other COVID-19 related themed attacks, started targeting individuals at the beginning of 2020 and attempt to utilize recent news developments to lure in victims to their scheme. Several of these attacks reportedly used WhatsApp and Facebook Messenger to deliver their messages in the US (sources: Brooklyn Center PD, FTC, WHO), and there is no reason to believe that malicious actors will cease using messaging applications in this new wave of phishing attack campaigns.


Most of these attacks target individuals for direct money transfers, PII, and account credentials and use various lures and methods in targeting their victims (CNET put together a nice list of these variations), but it is not just limited to criminal activity.  Nation state actors have also utilized these COVID-19 themed phishing attacks to target pharmaceutical companies, such as the targeting of cold-chain providers reported on in December (source: Bloomberg). These attacks likely targeted employees of these companies in an attempt to get access to sensitive and proprietary information around the COVID-19 vaccine and its planned distribution.

These attacks pose a severe risk to the individual and any environments in which they may work. SafeGuard Cyber can help you protect against these threats by applying security and detection rules, similar to what you may have protecting your email system, to messaging applications. Our solution can help you identify and quarantine social engineering threats like these that may be targeting you and your employees through these often unprotected channels.



If you are interested in learning more about the security solution at SafeGuard Cyber and how you can protect yourself and your employees from WhatsApp phishing schemes, you can contact us and request a demo today.

 

Last updated
February 26, 2021
Storm Swendsboe
Written by
Storm Swendsboe

Subscribe to our newsletter