COVID-19 vaccines offered by email or text? How to identify a phishing scam – CNET
As we all hope for the end to the coronavirus pandemic, many people are understandably focused on the COVID-19 vaccine. Scammers know that. And while you’re dreaming about hugging loved ones, going to concerts or just feeling safe inside a grocery store, they’re busy crafting vaccine-related phishing campaigns to trick you into handing over personal information, money or access to your device.
Last month, the FBI issued a warning urging people to be cautious when opening emails and texts from unknown senders who promise information on getting a vaccine. The Financial Crimes Enforcement Network, a division of the US Treasury Department, has done the same. Still, police in Florida, the UK and other jurisdictions say they’re seeing scams continue to pop up. In the English county of Derbyshire, law enforcement officials say scammers sent out texts with links to a site that painstakingly imitated the UK’s National Health Service. The goal was to steal personal and financial information, authorities said.
Online scammers have used crises and major events to con people for years. The pandemic has created an appealing situation because the entire world is aware of the disease and the hardship it’s caused in everyone’s lives. On top of that, the virus has pushed many work from, where they still have access to sensitive workplace information. From a criminal’s perspective, it’s a great opportunity to get lots of people to act against their better judgment. as soon as the pandemic took hold, offering snake oil cures that never materialized in exchange for credit card numbers. They also tried to trick people into clicking on malicious links that put users at risk of ransomware attacks or identity theft.
Now vaccines give scammers another lure for their targets.
“These attacks prey on our desire for information in times of uncertainty,” said Tony Pepper, CEO of cybersecurity firm Egress. The attacks, Egress says, can be “incredibly convincing,” particularly to older people, who are at the top of lists for getting vaccines and may be waiting to hear from medical authorities.
Setting up a scam
As early as November, researchers at cybersecurity firm Check Point noticed a significant increase in website domain names that reference vaccines. Scammers typically register a new domain name related to their con when setting up a phishing campaign to serve as a place to lure their targets.
The websites may contain legitimate-looking web forms meant to steal payment or health care information, or they might host malicious software that installs on your device when you visit. Malicious software, or malware, can leave you vulnerable to, that and other intrusive attacks from hackers.
The next step in a vaccine scam is crafting a compelling message designed to get you to respond, even if you know you shouldn’t. The Check Point researchers have found emails with subject lines including, “pfizer’s Covid vaccine: 11 things you need to know,” which is written to play on people’s desire for information about how to get the vaccine and address lingering questions about whether it’s safe. The email with that subject line contained a malicious file that would have infected recipients’ computers with malware if opened.
Avoiding vaccine-related fraud
A good rule for avoiding fraud is to be skeptical of any message that asks for your personal or payment information, or requires you to click on a link or download a file. It may be hard, but stop and think before responding to these messages if you want to stay safe.
The FBI urges people to be wary of any email, text message or phone call offering information about the coronavirus vaccine that comes from a sender you don’t recognize. Instead, get your information about vaccines from official sources, like state and local health departments, the FDA and your doctor.
Finally, be mindful that your health information can also be used for medical identity theft. Only give out your insurance or health information to professionals you know and trust. Fraud experts also suggest looking at your insurance claims closely to make sure no one else is using your health insurance. What’s more, don’t trust strangers who send unsolicited messages offering Medicare benefits, coronavirus tests or vaccines in exchange for your personal data, including your Medicare information. According to the US Department of Health and Human Services, that’s another scam that’s become common in the pandemic.
The information contained in this article is for educational and informational purposes only and is not intended as health or medical advice. Always consult a physician or other qualified health provider regarding any questions you may have about a medical condition or health objectives.