At the start of the pandemic outbreak, we saw an increase in Covid-related phishing and ransomware attacks. Now, as the world is starting to get vaccinated for the virus, phishers and scammers are trying to get people to hand over their credit card and social security numbers in exchange for a vaccination booking.
It doesn’t help that vaccine programs around the world have experienced bureaucratic fumbles and logistical delays, which have created shortages and confusion over availability. That confusion has created an opportunity for scammers and phishers to pose as legitimate government bodies to get personal information and credit card numbers.
It is worth noting that you will probably receive legitimate correspondence from a government body or vaccination center at one point or another. The key is discerning the real ones from the fraudulent ones. Whether you encounter them in a phone call, in your email inbox, or in the wild on a website, here’s what to look out for.
On the phone
Getting a phone call in general these days can seem rather suspicious if you only interact with others via texts and video chats. But for people who aren’t very online, such as your older family members, such phone calls can seem rather benign.
“A fee is required to secure or fast track a vaccination booking.”
If you do get a phone call from someone saying you can, for instance, jump the queue and get an earlier booking for a fee, that’s a scam. Asking for a deposit or a booking fee is a huge red flag, as is any language that tries to create a sense of urgency in getting a booking, like an abstract time limit to holding your spot in the line.
Beware of phone calls by people who impersonate government officials, vaccination centers, or clinics you’ve never heard of. You will never be asked to pay a fee for your vaccinations, so if you hear someone on the phone saying you need to pay for a vaccination booking, do not give them your payment information.
What you can do: Verify the caller’s identity, and clarify whether they need your credit card information to get a vaccine. If they insist on your credit card or ID card, do not respond to them and report the number as a scammer.
In your DMs and inbox
Phishing scams also appear in the form of SMS messages and emails, which may direct you to a website to fill out personal details like your name, ID, and credit card number. Clicking on links on a strange email in general can be risky, as it could also be a link to install malware onto your device.
“Your vaccination booking was not processed. Click here for more details.”
Such examples of these scams have been found in the wild and have looked like this:
Such emails and text messages can look very official, so be sure to check the emails and phone numbers from which these messages and emails come from. Other versions of these emails might not even be selling you vaccine appointments. They could be:
- asking to participate in fake vaccine surveys
- asking for payment to ship vaccines
- selling a pre-test before getting vaccinated
- paying to get your name on a waiting list to get vaccinated
What you can do to check: If in doubt, always go to the official source for details. This means a government statement or an official Covid-19 vaccination website (a .gov domain is a good sign).
On a website
In a similar vein to emails and SMS messages, phishing attacks can happen through websites, persuading visitors to sign up for a vaccine. Scammers can use websites to collect your personal and sensitive information such as your social security number or credit card number.
“Enter your credit card details to register for your vaccination.”
It could even be something novel like an ad on social media platforms to get early access to a vaccine, a shipment of vaccines, or a door-to-door vaccination service.
What you can do to check: Look out for typos, poor website design, and the address bar for a padlock symbol—that certifies it is an authentic, secured website. If it doesn’t have a padlock, it isn’t legit.
Covid vaccinations are free—otherwise, it’s a scam
Anyone asking for your private information is a red flag online, especially if they’re asking you to input your credit card or payment information. In particular, be extra suspicious if you’re asking to pay through unusual methods like gift cards, cryptocurrencies, or peer-to-peer cash transfer apps like Venmo or PayPal, and wire transfers.
Remember, you don’t need to pay to get a Covid-19 vaccine appointment or the vaccine itself. Buying the vaccine directly as an individual consumer is also not possible, so if anyone is telling you that you can, and all you need to do is to input your credit card details—say it with us—it’s a scam!
For official guidance on vaccine administration, visit your government’s official Covid-19 vaccination website, like the U.S.’s Covid-19 Vaccination page.