COVID-19 vaccine scammers are still lurking

In some attacks, the hackers attempted to steal credentials from employees at Walgreens.
COVID-19 Vaccine
A medical worker draws COVID-19 vaccine from its bottle. (Alex Wong/Getty Images)

Scams looking to take advantage of people attempting to get vaccinated against the coronavirus are alive and well.

In the approximately two months since the first COVID-19 vaccines became available in the U.S., vaccine-related phishing campaigns aimed at stealing victims’ credentials increased by 530%, according to Palo Alto Networks’ Unit 42 research published Wednesday.

In one campaign, hackers created a website that imitated a page for the Pfizer and BioNTech vaccine, requesting users’ Office 365 credentials to purportedly register for a vaccine.

Phishing campaigns targeting employees of hospitals and pharmacies rose 189% during the same time period, the researchers found.


In some attacks, the hackers attempted to steal credentials from employees at Walgreens, Canada-based Pharmascience, India-based Glenmark Pharmaceuticals and China-based Junshi Biosciences.

Unit 42’s findings cover scams researchers tracked through the end of last month.

The pandemic has spurred on a flurry of new cyberthreats over the course of the last year. Suspected criminal and nation-state hackers have gone after hospitals with ransomware attacks, coronavirus research, users’ credentials and also have run financially-focused scams.

Unit 42 researchers note that hackers seeking to exploit people’s fears over contracting the deadly coronavirus have been shifting their message to seize on news of the day over the last year, from testing, masks and hand sanitizer, eventually shifting to government relief programs and vaccines.

The “attackers have continued to change their chosen tactics to adapt to the latest pandemic trends, in hopes that maintaining a timely sense of urgency will make it more likely for victims to give up their credentials,” the Unit 42 researchers write in a blog on the research. “We predict that as the vaccine rollout continues, phishing attacks related to vaccine distribution – including attacks targeting the healthcare and life sciences industries – will continue to rise worldwide.”


The research notes that Microsoft has been the most popular brand for hackers to imitate in attempts to steal people’s credentials in the last several months. Other popular targets included Yahoo, Webmail, Outlook, PayPal, Google accounts, LinkedIn and Facebook.

Other researchers have also found a rise in vaccine-related spearphishing in recent weeks, albeit to a lesser extent: Barracuda Networks found a 26% rise in vaccine-related phishing emails between October and the end of January. Check Point researchers have found a rise in vaccine-related domain registrations in recent weeks as well.

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts