Count yourself in for a vaccine phish: new phishing campaign exploits concern over COVID-19 vaccine availability

A COVID-19 vaccine-themed phishing campaign was discovered by Area 1 Security in December, exploiting concerns about vaccine distribution. The attack leverages misinformation to steal Personally Identifiable Information (PII) from targets for identity theft and fraudulent activities. The phishing message impersonates the Centers for Disease Control and Prevention (CDC), soliciting sensitive information under the guise of ensuring vaccine availability. The campaign uses advanced techniques such as Display Name Spoofing, SMTP HELO command spoofing, and exploits newly registered domains to evade phishing detection.