How hackers are using the latest COVID-19 trends to push phishing scams
Christy Wyatt, Absolute Software President & CEO, joined Yahoo Finance Live to discuss the latest phishing scams surrounding COVID-19.
- Scams have been trying to take advantage of people since the beginning of the pandemic, trying to rip people off, looking for PPE or masks. And then it was people looking for testing kits, and now, it's apparently, vaccines. There have been phishing attacks targeting vaccine sites. That's becoming a thing that's according to a report from cyber security firm, Palo Alto.
But for more on this, let's bring in Christy Wyatt. She's the president and CEO of Absolute Software, which provides security software. And Christy, I understand that you've been watching this space very closely. Describe to us exactly what's happening in the cybersecurity space regarding some of these vaccine sites that everyone are trying to rush to.
CHRISTY WYATT: Sure. I think the best place to start is to understand that what you have is a mass mobilization of devices. So we're standing up vaccination sites in all sorts of unusual locations, with lots of different individuals, volunteers. Now, we have the military participating. And so we have a lot of patient information and a lot of vulnerable information going into unusual locations, and that just opens up a lot of opportunity for bad actors to try to target either those devices or those individuals, knowing that people are just trying to access the vaccine.
- And Christy, for our viewers out there who may have been the subject of this or are nervous about being targeted here by some of these scammers, what can they look out for? I mean, what are some of the trends that you're noticing?
CHRISTY WYATT: So there's really two different pieces that I pay attention to. The first is-- and I think, you mentioned it earlier. When the pandemic started, there was a lot of online phishing or fake websites, targeting test kits or PPE. And then we saw that move to a lot more scams focused around stimulus dollars and how you get access to more resources, and now we're seeing it happen around vaccinations.
So you also have a lot of variety State by State, where how you sign up and how you receive care is going to vary depending on where you are. So you have to take that extra step to make sure that the website you're going to is actually the authorized, the official one. It's always good to go through a government website and work your way back from there.
It feels very uncomfortable for a lot of consumers because they're being asked to do almost exactly what we've told them not to do, put in a lot of personal information to register for these sites. So pay a lot of attention to the site you're going to, to the URL, to the source of the information.
- I was going to say, Christy, could you expand on that? Sorry. I just wanted to ask if you could expand a little bit on the types of things that consumers should be watching out for as they look at these sites. Obviously, we're being asked to put in information about even our health histories in this case. Are there certain red flags that consumers-- well, not consumers, but everyone should be watching for when they're trying to register online for these vaccines that would say this might be a scam?
CHRISTY WYATT: Absolutely. So any authorized registration process is not going to ask you to email in information. Pay a lot of attention to the clicks that you click on to click through. You can always go and search for that location in a separate browser from a separate place to make sure you get to the same place.
A lot of these phishing scams and attacks are very, very clever. They try to make the URL or the UI of the website you're going to look a lot like the one that you think you're trying to go to. And part of the challenge is that these are all new sites. If somebody was trying to pretend that they were your bank or your employer, you'd have a better chance of catching it because you're used to seeing those sites, but many of these sites are new.
So really pay attention to where you are and the information that you're being asked to input into. And also, what device are you being asked to use. It's really, really important that we're paying attention to the security that's installed on these devices that's protecting this information.
- Christy, what about-- and I don't know if you can answer this, but we've heard risks about people posting pictures of the COVID-19 vaccination cards, that scammers could have used that information there in order to get money or to get more information about whoever is posting that. Does that pose a fraud risk, in your opinion?
CHRISTY WYATT: Again, I think any time we have a situation where we're mobilizing a lot of data in unusual places, there's going to be an opportunity for fraud. So for example, if there's a vaccination site that's set up in a church or a gymnasium or a stadium and that situation is connected or disconnected, if that device becomes compromised in some way, that device could be capturing information, that it's leaking it where it's maybe not supposed to be going.
So there is a lot of opportunity for bad actors to insert themselves into the process in a whole host of different ways. I think, in general, there's a lot of trusted voices. You know your caregivers. You can go back and validate on the various different government registration forms. If you feel uncomfortable about the data that you're being asked to input, by all means, go back in and ask more questions. But this is really a time to be vigilant.
- All right. Well, Christy Wyatt, Absolute Software president and CEO, with some pretty important reminders for anyone trying to get that vaccine out there. Thanks, again, for joining us on "Yahoo! Finance" this afternoon.