【Frauen ohne Unschuld】

Scammers have Frauen ohne Unschuldfound a new target for their money-making schemes: vulnerable people looking to receive a COVID-19 vaccine.

Researchers with the email security firm Tessian have discovered that scam artists are behind many of the more than 2,600 newly registered domain names promoting COVID-19 vaccines. The scammers are looking to steal sensitive personal data from unsuspecting people seeking vaccine information.

“Uncertainty over the vaccine roll-out and people's desire for information about how to get it has created the perfect storm for convincing phishing scams,” explained Tessian CEO Tim Sadler.

Once a person clicks on a link to one of these malicious websites, they are usually directed to a login page if they want information about the COVID-19 vaccine. In some cases, users were even asked to make a payment on the site.

How to spot the COVID scams

1. Legitimate sites won't ask for your third-party passwords

Researchers discovered that many of these specific sites presented users with an Office 365 or Apple ID login. For example, users were offered the opportunity to apply for a COVID-19 vaccination on some of these fake websites...if they entered their login credentials for one of these third-party platforms.

Even if a user doesn’t necessarily have sensitive information connected with those accounts, Sadler explained how a large percentage of people reuse their online passwords. All it takes is for a user to input their login credentials for one platform. A scammer can then take that email and password combination and try it on a user’s Google account or banking accounts. The possibilities are potentially endless.

2. Watch for misspelled urls

According to the report, nearly a quarter of these registered domains are spoofing authentic COVID information sites, like the CDC. Scammers register domain names that look like the official URL of a legitimate website, a practice called “typosquatting.”

For example, the Center for Vaccine Development uses the domain name “cvdvaccine.com.” In order to trick users, scammers have registered domain names with one “C” in “vaccine.”

The domains also target “common questions” related to the COVID vaccine, such as “where to get vaccinated?” Some of these sites also push disinformation claiming the vaccines cause side effects. According to Tessian's research, most of these domain names were registered in the U.S.

3. "Find out more" prompts can be a trick

Under the guise of a healthcare organization, some of these COVID-19 vaccination scams will reach out to you in your inbox. These emails will tease important information concerning the vaccines, asking the recipient to click a "find out more" link in order to access the crucial details.

These "find out more" links take the unsuspecting user to one of those fake websites set up to steal their email, password, and other sensitive information.

"You should be wary of emails that are claiming to come from health care organizations," said Sadler. "Always check the send name and address on an email."

Sadler pointed out that some email clients obfuscate detailed sender information. So, to be safe, users should check official government websites in order to verify how they would go about contacting citizens when it comes to vaccinations.

4. Be wary when a website asks for personal information

Scammers can access a lot with very little information.

“Question any websites that request personal data or credentials," explained Sadler. "It is unusual for a government website to ask you for your credentials [from other platforms].”

Be extra cautious in giving up even more personal information such as social security numbers or medical history details.

Before inputting any sensitive data, users should always directly go to official government websites themselves. Don't click on links that were sent to you.

5. Don't pay for a spot in line

A scammer's goal is to make a buck off of tricking users. Don't fall for any websites requesting payment for a spot in line for the vaccine.

"Awareness is crucial," said Sadler. "People should be skeptical of emails or websites that are requesting any kind of payment."

In the U.S., the COVID-19 vaccine is available for free.

In general, users should never enter bank account details or credit card information on a website that they are not familiar with.

There could be even more scams

This research is only a small look at the COVID-19 scams out there. Tessian pulled these domains based on searches for newly registered names containing keywords related to COVID-19. With hundreds of thousands of domain names registeredon a daily basis, there’s certain to be new malicious websites taking advantage of the pandemic to scam people.

So, how can people looking for COVID-19 vaccine information avoid falling victim to such scams?

“When in doubt, just don't trust the website and actually reach out proactively to contact an agency or the government rather than have them contact you,” he recommended.