STATEN ISLAND, N.Y. — There’s a new text message phishing scheme afoot that is designed to steal New Yorkers’ personal information by asking them to validate vaccine status, according to state officials.
The state Division of Consumer Protection and Department of Health said the phishing texts are fraudulent messages designed to trick the recipient into installing malicious software onto a computer or mobile device, or to obtain data or sensitive personal information to commit identity theft.
Both government and many private employers recently required certain employees to be fully vaccinated, and scammers are exploiting the policy to steal people’s personal and private information, according to officials.
The illegitimate text message shown below attempts to impersonate the state Department of Health and tells the recipient they are required to enter their information to validate their vaccination status. The site the message links to is also fraudulent.
“Anyone who receives such a text message should delete it right away,” said the state in a written statement. “Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day. Entering any information could put anyone at risk of identity theft.”
To help protect against phishing or smishing (SMS phishing) scams, the state Office of Information Technology Services (ITS) and the Division of Consumer Protection recommend the following precautions:
- Exercise caution with all communications you receive, including those that appear to be from a trusted entity. Inspect the sender’s information to confirm the message was generated from a legitimate source.
- Keep an eye out for telltale signs of phishing — poor spelling or grammar, the use of threats, the URL does not match that of the legitimate site. If the message does not feel right, chances are it is not.
- Don’t click on links embedded in an unsolicited message from an unverified source.
- Don’t send your personal information via text. Legitimate businesses will not ask users to send sensitive personal information through text message.
- Don’t post sensitive information online. The less information you post, the less data you make available to a cybercriminal for use in developing a potential attack or scams.
For more information on phishing scams, as well as steps to mitigate a phishing attempt, visit the state Office of Information Technology Services Phishing Awareness resources page at https://its.ny.gov/resources or the Division of Consumer Protection Phishing Scam Prevention Tips page at https://dos.ny.gov/identity-theft-prevention-and-mitigation-program.
FOLLOW TRACEY PORPORA ON FACEBOOK and TWITTER