There are thousands of fraudsters preparing to exploit the COVID-19 vaccine program, experts say, warning the scams will look legitimate and the people behind them may even know your name, phone number and email.
Fraud consultant Gavin Levinsohn said scammers were preparing to launch the same cons as they have overseas.
“We know this because the number of vaccine-related domains or website addresses that have been set up over the past few weeks … are in the thousands, which is a precursor to phishing scams related to the imminent distribution of vaccines,” Mr Levinsohn said.
He said despite consumers getting better at identifying a scam, a significant number of Australians were still susceptible to them.
“They could extract thousands, tens of thousands, hundreds of thousands of dollars,” Mr Levinsohn said.
“It just depends on how many people click, but people are often susceptible to these things.”
The Australian Competition and Consumer Commission confirmed it already had 16 reports of vaccine-related scams.
Michael Connory, a cyber security consultant and CEO of the company Security in Depth, said there was a significant number of scam emails sent in the UK and US relating to vaccination programs.
“[They have] scammed numerous people, tens of thousands of people over in the UK, as well as in the US,” he said.
‘Perfect ingredients for fraud’
Fraud protection consultants said the rollout of vaccinations across Australia this week was giving fraudsters a prime opportunity to pose as health authorities.
“Bad actors will look for opportunities – be it tax time or be it the imminent distribution of vaccines,” Mr Levinsohn said.
Timing, urgency and need are perfect ingredients for fraud.’’
Mr Connory said scams would be very hard to distinguish from genuine communication.
“It will look like a legitimate email coming from a government agency,” he said.
He said he expected the scams would convince people to click on a link to give personal information or install malicious software that steals information.
“Cyber criminals then take that personal information, and use that for things such as identity theft, which is hugely prevalent in Australia,” Mr Connory said.
He said people should expect scammers to call or even text them.
“That text will say something like: ‘Hi Michael, here is your COVID information’ with a link,” he said.
“Now because you can’t really see the link in detail on the text, it’s much more likely that you will click on the link, and it will take you to a compromised website.”
‘There’s no jumping the queue’
The other way criminals had been scamming people, was by duping them into trying to “jump” the vaccination queue.
“They’re going to say, ‘if you want to get the Pfizer vaccine rather than the AstraZeneca vaccine, then pay $150 and you can jump the queue’,” Mr Connory said.
“The reality is that there’s no jumping the queue.”
Then there is what else scammers can steal from you, Mr Connory said.
“What they’re really looking for is your information, the more personal information they have on you, such as your Medicare details, your driver’s licence, your date of birth – they can then utilise that information and attack you from an identity theft perspective,” he said.
“These individuals will go out and get credit with your name. They will create companies. They will start to trade. They can get mobile phones with your details. They can do a whole range of different things with your personal information.
“Last year, the Australian Cyber Security Centre and IDCare, which are both government organisations, had a look at 41,000 cases of these types of scams, and the average loss was $18,000 per person.
“We’ve seen from research that within Australia … on average 20 per cent of individuals will still click on a link.”
Treat all communication with caution
He said it was important for people to seek their own advice about the vaccine program.
“The reality is that these days, the Australian government and state governments will send Australian citizens texts to advise them that they might have been in a COVID hotspot, and to get tested or to remind them to get tested,” he said.
“It happens all the time and it’s very difficult for individuals to be able to pick whether or not that’s legitimate, or it’s fake.”
Mr Connory said it was best to treat all communication with caution.
“We would recommend not trusting it, talk to your local doctor, go on to the Australian government’s [website], the DHS website, and have a look at what’s happening and how things are rolling out,” he said.