The US Department of Justice has recently warned that hackers are creating COVID-19 vaccine survey scams for consumers. Attackers promise victims money or rewards for filling out the phony surveys. In reality, they just collect the filled-out personally recognizable details to sustain scam plans including identity theft.

Consumers receive the surveys via email and text message and are told that, as a gift for filling out the survey, they can choose from various free prizes, such as an iPad Pro.
The messages claim that the consumers need only pay shipping and handling fees to receive their prize.
Victims provide their credit card information and are charged for shipping and handling fees, but never receive the promised prize.
Victims are also exposing their personally identifiable information (PII) to attackers, increasing the probability of identity theft.


The DOJ Workplace of Public Affairs recommends users avoid accessing links declaring to be a vaccine study if they originate from unidentified and unreliable sources.

According to the US Federal Trade Commission (FTC), the COVID-19 pandemic has brought a higher risk of identity theft. In 2020, the FTC got about 1.4 million reports of identity theft, double the number from 2019. Identity thieves targeted government funds designated to help people financially hit by the pandemic.

On Tuesday, The US Internal Revenue Service (IRS) warned of ongoing phishing attacks impersonating the IRS. The hackers were sending an automated email, informing applicants that they are eligible for a $1,400 tax refund.

Additionally, New York city’s Department of Financial Provider (DFS) exposed extra information on a continuous series of attacks that have led to the theft of numerous New Yorkers’ personal information.

Schemes that use links embedded in unsolicited text messages and emails in attempts to obtain personally identifiable information are commonly referred to as phishing schemes. Phishing messages may look like they come from government agencies, financial intuitions, shipping companies, and social media companies, among many others. Carefully examine any message purporting to be from a company and do not click on a link in an unsolicited email or text message. Remember that companies generally do not contact you to ask for your username or password. When in doubt, contact the entity purportedly sending you the message, but do not rely on any contact information in the potentially fraudulent message.


To protect your money and personal information, DOJ issued a series of recommendations: If you do receive one of these unsolicited text messages or emails, carefully examine the message and don’t click the link. Companies won’t generally contact customers asking for a username or password. When in doubt, contact the company allegedly sending the message, but don’t use the contact information provided in the unsolicited message.

What’s more, you can stop identity thieves from filing fraudulent tax returns in your name using your stolen personal information by getting an Identity Protection PIN as soon as possible.

Customers who have actually gotten among these deceptive phishing e-mails or texts utilizing COVID-19 vaccine study lures are advised to report such events to the National Center for Disaster Fraud (NCDF) through the NCDF Web Complaint Form or by calling 866-720-5721.

To identify and protect yourself from such ongoing phishing attacks, please check my colleague Ana Dascalescu’s guide on Detecting and Preventing Phishing. Additional information is also available on the FTC and FBI websites.

Universities Targeted in Ongoing IRS Phishing Attacks

How Ensuring Email Fraud Protection Keeps Your Company Safe

Leave a Reply

Your email address will not be published. Required fields are marked *