The State of New York and many private employers recently required certain employees to be fully vaccinated, and scammers are exploiting the policy to try steal people’s personal and private information. The illegitimate text message shown below attempts to impersonate the NYS Department of Health and tells the recipient they are required to enter their information to validate their vaccination status. The site the message links to is also fraudulent. Anyone who receives such a text message should delete it right away.
Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day. Entering any information could put anyone at risk of identity theft.
To help protect against phishing or smishing (SMS phishing) scams, the NYS Office of Information Technology Services (ITS) and the Division of Consumer Protection recommend the following precautions:
  • DO exercise caution with all communications you receive, including those that appear to be from a trusted entity. Inspect the sender’s information to confirm the message was generated from a legitimate source.
  • DO keep an eye out for telltale signs of phishing – poor spelling or grammar, the use of threats, the URL does not match that of the legitimate site. If the message does not feel right, chances are it is not.
  • DON’T click on links embedded in an unsolicited message from an unverified source.
  • DON’T send your personal information via text. Legitimate businesses will not ask users to send sensitive personal information through text message.
  • DON’T post sensitive information online. The less information you post, the less data you make available to a cybercriminal for use in developing a potential attack or scams.