Consumer Alert: Phishing scam on vaccine verification

NYS Consumer Protection

Scammers use fake text message to try to get users to click on fraudulent Link 

Phishing texts are fraudulent messages to trick the recipient into installing malicious software onto a computer or mobile device or designed to obtain data or sensitive personal information to commit identity theft.

The New York State Division of Consumer Protection and the New York State Department of Health today warned New Yorkers of a text message phishing scheme targeting those attempting to validate vaccine status to try to steal personal information. Phishing texts are fraudulent messages to trick the recipient into installing malicious software onto a computer or mobile device or designed to obtain data or sensitive personal information to commit identity theft.

The State of New York and many private employers recently required certain employees to be fully vaccinated, and scammers are exploiting the policy to try steal people’s personal and private information. The illegitimate text message shown below attempts to impersonate the NYS Department of Health and tells the recipient they are required to enter their information to validate their vaccination status. The site the message links to is also fraudulent. Anyone who receives such a text message should delete it right away.

Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day. Entering any information could put anyone at risk of identity theft.  

To help protect against phishing or smishing (SMS phishing) scams, the NYS Office of Information Technology Services (ITS) and the Division of Consumer Protection recommend the following precautions:

  • DO exercise caution with all communications you receive, including those that appear to be from a trusted entity.  Inspect the sender’s information to confirm the message was generated from a legitimate source.
  • DO keep an eye out for telltale signs of phishing - poor spelling or grammar, the use of threats, the URL does not match that of the legitimate site. If the message does not feel right, chances are it is not.
  • DON’T click on links embedded in an unsolicited message from an unverified source.
  • DON’T send your personal information via text.  Legitimate businesses will not ask users to send sensitive personal information through text message.
  • DON’T post sensitive information online.  The less information you post, the less data you make available to a cybercriminal for use in developing a potential attack or scams.

For more information on phishing scams, as well as steps to mitigate a phishing attempt, visit the NYS Office of Information Technology Services Phishing Awareness resources page at https://its.ny.gov/resources  or the Division of Consumer Protection Phishing Scam Prevention Tips page at https://dos.ny.gov/identity-theft-prevention-and-mitigation-program.

The New York State Division of Consumer Protection serves to educate, assist and empower the State’s consumers. For more consumer protection information, call the DCP Helpline at 800-697-1220, Monday through Friday, 8:30 am-4:30 pm or visit the DCP website at https://dos.ny.gov/consumer-protection. The Division can also be reached via Twitter at @NYSConsumer or Facebook at www.facebook.com/nysconsumer.