Connect with us

Hi, what are you looking for?



U.S. Government Warns of Phishing, Fraud Schemes Using COVID-19 Vaccine Lures

Several U.S. government organizations have issued warnings regarding various types of fraud and phishing schemes that use COVID-19 vaccine-related topics to lure potential victims.

Several U.S. government organizations have issued warnings regarding various types of fraud and phishing schemes that use COVID-19 vaccine-related topics to lure potential victims.

While these types of operations typically impact non-enterprise users, some people could open the malicious websites or emails associated with these schemes from work devices, which could pose a risk to enterprises as well.

The Federal Bureau of Investigation (FBI), Department of Health and Human Services Office of Inspector General (HHS-OIG), and Centers for Medicare & Medicaid Services (CMS) have issued an alert on emerging COVID-19 vaccine-related fraud schemes.

Leveraging the increased public interest in COVID-19 vaccines, scammers are luring unsuspecting victims into sharing personally identifiable information (PII) or into sending money.

Such fraudulent activity, the alert from the FBI, HHS-OIG, and CMS reads, could take the form of ads that claim to offer early access to vaccines in exchange for a deposit or fee, requests to pay for the vaccine or enter personal information on a so-called waiting list, or offers to undergo medical testing to obtain the vaccine.

Some fraudsters might claim to be able to ship the vaccine domestically or internationally, or might advertise vaccines via social media, email, phone, or other channels, the alert reads.

Furthermore, individuals are advised to be wary of unsolicited emails or phone calls claiming to be from medical or insurance companies, or vaccine centers, which request personal and/or medical information, as well as of unverifiable claims that certain vaccines are FDA-approved.

Advertisement. Scroll to continue reading.

Some scammers, the three agencies note, might contact unsuspecting victims via phone to tell them that government or government officials require the population to receive a COVID-19 vaccine.

On Friday, the U.S. Department of Justice announced the seizure of two websites claiming to belong to companies developing COVID-19 treatments, but which were instead meant to collect the personal information of their visitors.

The two websites, “” and “,” were copies of the legitimate domains of two biotechnology companies headquartered in Cambridge, Massachusetts, and Westchester County, New York, respectively.

The domains were registered earlier this month. No personal information for the registrar was listed for, while was registered to a resident of Onitsha Anambra, Nigeria.

Names and other personal information obtained through these websites could have been used to commit additional crimes.

“Malicious domain registrations are a growing problem and something that both companies and consumers must be wary of,” Skurio CEO Jeremy Hendy told SecurityWeek. “This story in particular highlights why the awareness of fake domains, which, utilises user oversights to trick people into believing they are visiting a genuine site, is an increasingly important issue. These compromised domains can be used by bad actors for social engineering attacks that defraud individuals and steal personal data.”

Related: Russian Cyberspies Use COVID-19 Vaccine Lures to Deliver Malware

Related: State-Sponsored Hackers Likely Behind Attacks on COVID-19 Vaccine Cold Chain

Related: EU Agency Assessing Covid-19 Vaccines Hit by Cyberattack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...