The Federal Trade Commission (FTC) recently released a consumer alert warning against fraudulent COVID vaccine surveys designed to steal personal information and money.
With nearly half of U.S. adults at least partially vaccinated, scammers have shifted their focus to the vaccinated population. Consumers have reported receiving emails and text messages inviting them to complete a post-vaccine survey for the Pfizer, Moderna and AstraZeneca vaccines. (The FTC has not reported any surveys associated with Johnson & Johnson, but that’s likely because no one has reported it yet.)
The surveys are not only possible phishing/smishing attacks that link to malware; in some reported cases they offer a “free gift” for finishing the survey, with the caveat that you pay shipping, which requires your credit card or bank information.
Images courtesy of FTC
Regardless of the type of fraud, protect yourself from these types of scams with the same best practices cyber professionals have encouraged from the beginning:
Don’t click on any suspicious links or open attachments.
Don’t use the contact information provided on the emails/texts—look them up online if you need to.
Don’t provide your bank account, credit card or personal information to unsolicited communications.
Don’t assume the sender name means a valid person (e.g., “From CDC”).
The Better Business Bureau also shared best practices for spotting a COVID-19 text messaging scam during the first wave of attacks that still stand true:
Government agencies do not typically communicate through text messages. Go to the agency's website yourself (without clicking on the link) to verify any activity you receive via text.
Ignore instructions to text "STOP" or "NO" to prevent future texts. This is a common ploy by scammers to confirm they have a real, active phone number.
If you think your text message is real, be sure it's directing to a web address like "agency.gov" or “agency.ca,” not "agency.otherwebsite.com."
Check for look-alikes. Be sure to do your research and see if a government agency or organization actually exists. Find contact info on your own and call them to be sure the person you’ve heard from is legitimate.
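The web-address and look-alike checks above can be automated. This is an added example, not code from the FTC, the BBB or the original post: it compares a link's hostname against an official domain you looked up yourself. The function name `check_link` and the sample links are constructed for illustration and reuse the "agency.gov" and "agency.otherwebsite.com" placeholders from the tips.

```python
from urllib.parse import urlsplit


def check_link(url: str, official_domain: str) -> str:
    """Classify a link against a domain you verified independently.

    Returns "official"  - the hostname is the official domain or a subdomain of it,
            "lookalike" - the agency name appears but the link leads elsewhere,
            "other"     - unrelated or unparseable link.
    """
    official = official_domain.lower().rstrip(".")
    try:
        # Links in texts often omit the scheme; "//" makes urlsplit see a host.
        parts = urlsplit(url if "://" in url else "//" + url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "other"
    if not host:
        return "other"
    # Only the END of the hostname decides who controls the site.
    if host == official or host.endswith("." + official):
        return "official"
    # The agency name used as a subdomain, in the "user@" part, or in the
    # path does not make the site the agency's.
    agency_name = official.split(".")[0]
    if agency_name in url.lower():
        return "lookalike"
    return "other"


# Constructed sample links, not taken from any real message.
SAMPLE_LINKS = [
    "https://www.agency.gov/vaccine-survey",
    "http://agency.otherwebsite.com/survey",
    "https://agency.gov@otherwebsite.com/gift",
    "https://agency.gov.otherwebsite.com/",
    "otherwebsite.com/free-gift",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{check_link(link, 'agency.gov'):10} {link}")
```

A result of "official" only means the link points at the domain you supplied, so the domain itself still has to come from your own lookup, not from the message.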
COVID-19 related fraud isn’t new, but it continues to change as the pandemic evolves. The first wave of Coronavirus cyber scams included the Johns Hopkins coronavirus tracker malware, fraudulent PPE, spear phishing campaigns focused on pandemic financial legislation and a host of smishing campaigns for “mandated” federal COVID-19 testing. As the pandemic continues, we know scammers will do what they do best: capitalize on current events and shift their campaigns as needed. So remember, erring on the side of caution is your best bet.
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].