Omicron phishing scams hit the web
Though the world has eagerly desired a return to norms, the lingering threat of Covid keeps things in check. Though the disease is mostly kept in check, depending on the area and acceptance of a vaccine reality, variations of Covid keep us on our toes. With news of an Omicron variant emerging, federal agencies are establishing new alerts and advising caution.
Now, if you’ve kept up with world tech trends, you’ve noticed two things: tech solutions for pandemic-related threats and spikes in cyber-attacks. Unsurprisingly, ransomware and threat actors were swift to jump on Omicron-related concerns with a fresh wave of social engineering schemes. This is not surprising behavior. The “good” news is it creates a foundation of predictability. When disaster strikes, there are vultures on the hunt looking for an easy cash-in.
The phishing blueprints
When health concerns rise, typically people look for health solutions, advice, and potential cures to the disease. That was a big characteristic of COVID-19 scam emails, some promising things like financial government benefits to “free” medical supplies to early access to vaccines.
For the Omicron Covid variant, a UK health watchdog has already snuffed out phishing attempts that follow the mentioned traits. This one follows a similar pattern, in that phishing scams appear as legitimate messages and emails from the UK’s health authority. It also misleads recipients that it can offer a free Omicron-related checkup and examination “ahead of time.”
An example of said message is seen here:
Troubling, because at first glance, it’s very convincing. In fact, one of the first telling errors is hard to notice, and can easily be written off as a basic typo. Do you see it? If not, it’s the lack of a space after the end of the first sentence. Afterward, the word usage is indeed clunky, and some don’t sound right, but it’s not immediately obvious this is a phishing scam. The only red-flag trait that stands out is the call to action to click the link (which conveniently leaves out its host).
Other flaws of the email and messages imply there are “new” test kits available for the Omicron variant, or that current test kits do not work. But regardless of the claim, each phishing email persuades the user to either click on a link or fill out a form, or both. Some even come with official-looking customer support emails, but of course, having nothing to do with healthcare officials.
Another trend synonymous with threat actors and ransomware schemes is the creation of fake host sites. Designed to appear official, their goal is the same: to get users to supply personal information and login information, such as with email. That’s enough for identify fraud attempts, or worse.
The scams are new, so identifying them asap is important. The report I’ve glanced at details scams in the UK, but it won’t be long until variations of Omicron phishing attempts are a global and United States problem.
The tried-and-true protections
Despite the new wave of phishing and spam campaigns, the traits of these phishing emails are nothing different. Protecting yourself is easy, so long as you practice scrutiny. Don’t click on links proved in Covid related emails, especially those promising easier access to testing or vaccine methods. And if you’re still unsure, check with official sources first. Health and federal authorities will have statements on the Omicron variant and their current response plan. Even with official statements on the virus, it’s unlikely you will receive unsolicited claims from a shady source.
Once again, in times of crisis, it’s important to recognize there are those always looking to take advantage.