The Federal Trade Commission (FTC) recently released a consumer alert warning against fraudulent COVID vaccine surveys designed to steal personal information and money.
With nearly half of U.S. adults at least partially vaccinated, scammers have shifted their focus to target the vaccinated population. Consumers have reported receiving emails and text messages inviting them to complete a post-vaccine survey for the Pfizer, Moderna and AstraZeneca vaccines. (The FTC has not reported any surveys associated with Johnson & Johnson, but that’s likely because no one has reported it yet.)
The surveys are not only possible phishing/smishing attacks that link to malware. In some reported cases, they offer a “free gift” for finishing the survey, with the caveat that you pay shipping, which requires your credit card or bank information.
Regardless of the type of fraud, protect yourself by avoiding these types of scams with the same best practices cyber professionals have encouraged from the beginning.
- Don’t click on any suspicious links or open attachments.
- Don’t use the contact information provided on the emails/texts—look them up online if you need to.
- Don’t provide your bank account, credit card or personal information to unsolicited communications.
- Don’t assume the sender name means a valid person (e.g., “From: CDC”).
The Better Business Bureau also shared best practices for spotting a COVID-19 text messaging scam during the first wave of attacks that still hold true:
- Government agencies do not typically communicate through text messages. Go to the agency’s website yourself (without clicking on the link) to verify any activity you receive via text.
- Ignore instructions to text “STOP” or “NO” to prevent future texts. This is a common ploy by scammers to confirm they have a real, active phone number.
- If you think your text message is real, be sure it’s directing to a web address like “agency.gov” or “agency.ca,” not “agency.otherwebsite.com.”
- Check for look-alikes. Be sure to do your research and see if a government agency or organization actually exists. Find contact info on your own and call them to be sure the person you’ve heard from is legitimate.
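The web-address check from the list above, as an added Python example (not code from the FTC, the BBB or Schneider Downs). It compares the host a link actually points to against a domain you already know; the `.example` URLs are constructed samples, and using `ftc.gov` as the expected domain is an assumption based on the ReportFraud.ftc.gov address mentioned on this page.

```python
from urllib.parse import urlsplit


def link_host(url):
    """Return the lowercase host a link actually points to, or None."""
    if "://" not in url:
        url = "https://" + url  # links in texts often omit the scheme
    try:
        # .hostname ignores any "user@" prefix and ":port" suffix
        host = urlsplit(url).hostname
    except ValueError:
        return None  # malformed link: treat as untrusted
    return host.rstrip(".").lower() if host else None


def belongs_to(url, expected_domain):
    """True only if the host is expected_domain or a subdomain of it."""
    host = link_host(url)
    expected = expected_domain.rstrip(".").lower()
    if not host:
        return False
    # The match must be on the END of the host name, at a dot boundary.
    return host == expected or host.endswith("." + expected)


# Constructed sample links (not taken from any real message).
SAMPLES = [
    "https://ReportFraud.ftc.gov/",                    # real subdomain
    "reportfraud.ftc.gov/form",                        # scheme omitted
    "https://ftc.gov.survey-rewards.example/claim",    # agency name as a prefix
    "https://ftc.gov@survey-rewards.example/claim",    # agency name as userinfo
    "https://ftc-gov.example/survey",                  # hyphen look-alike
    "https://survey-rewards.example/?site=ftc.gov",    # agency name in the query
]


def check_samples(expected_domain="ftc.gov"):
    """Return (url, verdict) pairs for the constructed samples."""
    return [(u, belongs_to(u, expected_domain)) for u in SAMPLES]


if __name__ == "__main__":
    for url, ok in check_samples():
        print(("matches  " if ok else "MISMATCH ") + url)
```

Only the first two samples match; the other four contain the agency's name but lead to a different host.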
COVID-19-related fraud isn’t new, but it continues to change as the pandemic evolves. The first wave of coronavirus cyber scams included the Johns Hopkins coronavirus tracker malware, fraudulent PPE, spear phishing campaigns focused on pandemic financial legislation and a host of smishing campaigns for “mandated” federal COVID-19 testing. As the pandemic continues, we know scammers will do what they do best: capitalize on current events and shift their campaigns as needed. So remember, erring on the side of caution is your best bet.
The FTC encourages anybody who receives potentially fraudulent texts or emails to report them online at ReportFraud.ftc.gov, and you can keep up-to-date with the latest FTC updates on their webpage Coronavirus Advice for Consumers.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team.
In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.