FTC Issues COVID-19 Vaccine Scam Alert

The Federal Trade Commission (FTC) recently released a consumer alert warning against fraudulent COVID vaccine surveys designed to steal personal information and money.

With nearly half of U.S. adults at least partially vaccinated, scammers have shifted their focus on to target the vaccinated population. Consumers have reported receiving emails and text messages inviting them to complete a post-vaccine survey for the Pfizer, Moderna and AstraZeneca vaccine. (The FTC has not reported any surveys associated with Johnson & Johnson, but that’s likely because no one has reported it yet.) 

The surveys are not only possible phishing/smishing attacks that link to malware, but in some reported cases surveys you can finish for a “free gift” with the caveat that you pay shipping—which requires your credit card or bank information.

Images courtesy of FTC

Regardless of the type of fraud, protect yourself by avoiding these types of scams with the same best practices cyber professionals have encouraged from the beginning.

  • Don’t click on any suspicious links or open attachments.
  • Don’t use the contact information provided on the emails/texts—look them up online if you need to.
  • Don’t provide your bank account, credit card or personal information to unsolicited communications.
  • Don’t assume the sender name means a valid person (i.e. From CDC )

The Better Business Bureau also shared best practices for spotting a COVID-19 text messaging scam during the first wave of attacks that still stands true:

  • Government agencies do not typically communicate through text messages. Go to the agency's website yourself (without clicking on the link) to verify any activity you receive via text.
  • Ignore instructions to text "STOP" or "NO" to prevent future texts. This is a common ploy by scammers to confirm they have a real, active phone number.
  • If you think your text message is real, be sure it's directing to a web address like "agency.gov" or “agency.ca,” not "agency.otherwebsite.com."
  • Check for look-alikes. Be sure to do your research and see if a government agency or organization actually exists. Find contact info on your own and call them to be sure the person you’ve heard from is legitimate.

COVID-19 related fraud isn’t new, but continues to change as the pandemic evolves. The first wave of Coronovirus cyber scams included the John Hopkins coronavirus tracker malware, fraudulent PPE, spear phishing campaigns focused on pandemic financial legislation and a host of smishing campaigns for “mandated” federal COVID-19 testing. As the pandemic continues, we know scammers will do what they do best—capitalize on current events and shift their campaigns as needed. So, remember erring on the side of caution is your best bet.

The FTC encourages anybody who receives potentially fraudulent texts or emails to report them online at ReportFraud.ftc.gov, and you can keep up-to-date with the latest FTC updates on their webpage Coronavirus Advice for Consumers.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2022 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
The Top Ten Most Common Passwords of 2022
Buyer Beware: Five Common Holiday Scams of 2022
New Phishing Scam Targets Verified Twitter Accounts
Cybersecurity Awareness Month is Over… Now What?
The Latest on the CommonSpirit Health Ransomware Attack
Former Uber CSO Joe Sullivan Found Guilty of Obstruction of Justice and Misprision
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.