The New York State Division of Consumer Protection and the State Health Department have warned residents of a text message phishing scheme to try to steal personal information from those attempting to validate their Covid-19 vaccine status.
Phishing texts are fraudulent messages to trick the recipient into installing malicious software onto a computer or mobile device or designed to obtain data or sensitive personal information to commit identity theft.
The State and many private employers recently required certain employees to be fully vaccinated, and scammers are exploiting the policy to try steal personal and private information. Illegitimate text messages aim to impersonate the Health Department and tell the recipient they are required to enter their information to validate their vaccination status. The site the message links to is also fraudulent. Anyone who receives such a text message should delete it immediately.
Scammers use email or text messages to trick recipients into disclosing personal information. They may try to steal passwords, account numbers, or Social Security numbers, which can be used to gain access to email, bank, or other accounts. Scammers launch thousands of phishing attacks daily. Entering any information puts one at risk of identity theft.
To help protect against phishing or smishing (SMS phishing) scams, the State Office of Information Technology Services and the Division of Consumer Protection recommend that residents exercise caution with all communications received, including those that appear to be from a trusted entity. The sender's information should be inspected to confirm the message was generated from a legitimate source. Telltale signs of phishing include poor spelling or grammar, the use of threats, and a URL that does not match that of the legitimate site. If a message does not feel right, chances are it is not.
The Office of Information Technology Services and the Division of Consumer Protection advise against clicking on links embedded in an unsolicited message or from an unverified source. Personal information should not be sent via text message. Sensitive information should not be posted online, as the less information posted, the less data is made available to a cybercriminal for use in developing a potential attack or scam.
More information on phishing scams and steps to mitigate a phishing attempt is at the Office of Information Technology Services Phishing Awareness resources page at its.ny.gov/resources or the Division of Consumer Protection Phishing Scam Prevention Tips page at dos.ny.gov/identity-theft-prevention-and-mitigation-program.