- Good news! Vaccinations are widely available in the United States!
- Bad news! Scammers are taking advantage of "online celebrations" marked by a vax card photo
- Scammers also use "second dose" anxiety to gather further usable info
The good news is this: COVID vaccinations are becoming easier and easier to get for more and more people in the United States. Many states are opening up vaccinations to the general public after early limited availablity, making it possible for anyone to get vaccinated against the COVID-19 virus and (so far) its variants. As more and more people get immunized, we head toward "herd immunity" and -- dare we hope? -- normal life again.
As of mid April, half of all US adults will have been vaccinated.
The Potential Dark Cloud Over Sharing News of Your Vaccination
In the United States, persons who are vaccinated receive a card that serves as confirmation of their COVID-19 inoculation. Given the hoops that people had to jump through early on to get the shot -- and as encouragement to others to get their shots as well -- it's become common to "celebrate" the event by posting a photo of your vaccination card on social media.
Bill Kresse, assistant professor of accounting at Governors State University -- and also known as "Professor Fraud" -- told KXAN in Chicago that sharing your COVID-19 vaccination card online and through social media could become a breeding ground for fraud.
Each vaccination card bears your name and date of birth. Kresse said that’s a great starting point for criminals trying to steal your identity.
“With that piece of information, you actually can go into the dark web, social media and get the other pieces you need, including your social security number,” he said. “You’re handing over, potentially, to identity thieves one of the access numbers on your tumbler lock that can access your identity.”
Kresse says goes on to note that the bad guys discover via social media that you've received your first shot. They can use that to create anxiety about the vital second shot by using the name and phone number to phish for their next victim:
Cue the scammer: “We’re gonna need your social security number to confirm your next appointment for your vital second shot..."
Taking Advantage of Stress and Anxiety
"The threat actors are using COVID-19 because it's this ambient anxiety that everyone has; they are worried about it, thinking about it, and so the threat actors are using that to get people to take an action," said Sherrod DeGrippo, Proofpoint cybersecurity expert.
Those actions include clicking on links in fake emails. DeGrippo discovered a scam IRS email that instructs recipients to click to apply for federal aid. But clicking the link downloads a virus that steals personal banking information and credentials.
"There are also things that say, the COVID-19 vaccine is here," DeGrippo said. "Click this link to make your appointment and get a vaccine before anyone else."
The Check is in the Mail
When scammers have addresses and other seemingly incidental information, they can easily create fake checks and real havoc.
Also via ABC7:
"Scammers are really good, they see what these stimulus checks look like and they just counterfeit them and send them to people and then contact them impersonating the government, claiming they overpaid or weren't entitled to a stimulus check in the first place; wanting you to send the money back to them," said Todd Kossow, Director of the Midwest Region of the Federal Trade Commission. "The check is fraudulent and so if you send them money back, you are just sending your own money."
More than ever before, we're seeing check fraud spurred by unprecedented events. What is different from the past is that banks and financial institutions are able to combat the fraudsters with technology. From educating your customer via warnings on your website or through communication channels like email or social media, to investing in technologies like OrbNet Forensic AI that detect counterfeit, forged, and altered checks, banks and financial institutions are positioned to drastically reduce the number of fraud losses for both themselves and their customers.