The COVID-19 vaccine is rolling out today here in Australia but watch out because there’s likely to be an ‘avalanche’ of spam related to the new vaccine as this is what happened in the UK, according to Jacqueline Jayne, Security Awareness Advocate for KnowBe4.
Jayne says when an event like this happens, it’s only a matter of time until the bad guys try to take advantage of the news about the COVID vaccine by crafting new attacks: “We’ve already seen scams in the UK with cyber-criminals creating fake vaccine registration pages to capture personal information,” she says.
“Australians should be particularly suspicious of any vaccine-themed emails or text messages, especially those containing attachments or instructing them to click on a link, as these messages could very well be part of a social engineering attack,” she warns.
“When in doubt, people should contact their doctor or healthcare provider through tried and trusted channels and not give any information to unknown websites, text messages, or phone calls,” she adds.
Jayne says it’s largely because we’re in a time where because of COVID, emotions are heightened, so it’s important that people remain vigilant as to which links they click on and where they share any personal information.
Here at Women Love Tech, we talked more about this situation with Jacqueline Jayne, asking her about what happened overseas.
WLT: Do you know if a lot of people were caught out by the COVID vaccine scams in the UK?
Jayne: On the 26th January 2021, UK based Action Fraud, the national reporting centre for fraud and cyber crime, reported on an email, which attempts to trick people into handing over their bank details. This email was reported more than 1,000 times in 24 hours. It appears to come from the NHS and asks the recipient to click on a link to accept or decline an invitation to receive the COVID vaccine. If they click accept, they are asked to input personal information and their bank card details. You can see it here.
WLT: In this environment, is it the best idea not to click on a link unless you’re sure this has been sent to you by a bona fide person?
Jacqueline: Absolutely yes. I would go so far as to avoid clicking on any link unless you are 100% sure it’s safe. If you are unsure, on your screen, hover your mouse pointer over the link and this will show you the web site address. If the address looks strange, for example – www.jhs3.89$$.8%.info’ – it’s probably unsafe. Some bad guys are very tricky and they register lookalike web addresses so it’s very hard to know what’s real and what’s not. My advice is to not click on any links in emails. Go directly to the official website of the organisation and log in from there.
WLT: Is it a good idea not to give out any personal or banking details online – only give out these details if you need to in person?
This is a tough one to answer as it’s very situational. General details such as your name, address, email and phone number are readily available these days. You must stop and think before you give personal details such as your date of birth, drivers license, passport details, Medicare number, credit card numbers, expiry and 3 digit number on the back.Â
This level of personal information can be used by cyber criminals for identity theft. If you need to pay for something online, it’s safer to use a third party payment method i.e. PayPal, Google Pay, Amazon Pay etc. If you prefer to use a credit card to pay for goods online, organise a separate card especially for online shopping with a small limit on it. This is a great way to shop with an extra element of safety.
WLT: Do you think PayPal is a safer way to pay? (There have been some scams imitating PayPal so this one can be tricky.)
Yes, third party payment methods are a safer way to pay. Like all major brands, cyber-criminals will use them to attempt to trick us to give them our login details so they can steal our money. There is always a phishing (fake) email doing the rounds pretending to be from PayPal asking you to click on a link, login into your account and verify your details. If you ever get an email ‘from PayPal’, rather than click on the link, go to the official PayPal website which is https://www.paypal.com/au/home and log into your account form there – not the email link.
WLT: As a general rule do you think it’s best to register for the COVID vaccine at your medical facility and not online?
Yes. Cyber-criminals will be crafting some very sophisticated phishing campaigns and click bait relating to the COVID vaccine. These will be designed with a sense of urgency, fear or scarcity. Their intent is to get us to ‘act without thinking’ and click on a link, open an attachment or provide our personal details based on our emotional response. Talk to your GP or refer to official government health sites when it comes to registering for the vaccine and to get the most up to date information.
Do you have any other information for those who may be vulnerable to these types of scams?
If you realise you’ve been scammed, call your bank or financial institution so you can protect your accounts and cards. There is a wealth of knowledge and support at Scamwatch – a government website set up to support victims of cyber-crime. It has a great ‘Where to get help’ resource page that includes the following:
If you’ve lost money to a scam or given out your personal details to a scammer, you’re unlikely to get your money back. However there are steps you can take straight away to limit the damage and protect yourself from further loss.
- Contact people you know and let them know about the scammer
- Contact your financial institution and give them details
- Recover your stolen identity
- Report scams to the authorities
- Get help from Australian agencies
- Report scams to Facebook services
- Change your online passwords
- Contact your local consumer protection agency
- Contact a counseling or support service
WLT: Thanks Jacqueline – this information will be a great help to our readers.
For more from Women Love Tech about COVID and potential e-fraud, take a look at our story here: How To Prevent Unwanted Spam From COVID Sign Ins
