Cybercriminals Target Indians Sharing COVID Jab Certificate Online
Personal info from certificates are being used to hack into bank accounts and sold to telemarketing companies.
Cybercriminals have found new ways to target people online amid the raging COVID-19 pandemic in India. As netizens post vaccine certificates online, cybercriminals are using sensitive personal information from it to hack into bank accounts and sell data to telemarketing companies.
The Ministry of Home Affairs posted an advisory on Twitter warning users against posting their certificates. The government said in a tweet: “Beware of sharing #vaccination certificate on social media because the vaccine certificate contains your name and other personal details.”
Targeting Those Getting Vaccinated
Fraudsters ask people to register on fake websites dubbed as ‘Pradhanmantri Berozgar Bhatta Yojna’ through SMS, e-mail or other social media platforms on which victims are required to fill in sensitive details including their credit card information. The hackers then start clearing bank accounts based on the details provided by victims.
Another scam promises Rs 50,000 as a ‘coronavirus subsidy’ from the World Health Organization.
Scamsters have also started targeting people who have received the vaccine by calling them from +91 2250041117. Those who answer the call are asked to press 1 if they have been vaccinated, and if he/she does so, the phone ends up getting hacked.
Officials have clarified that these are fraud calls, and that 1921 is the only official number used by the Government of India for vaccine feedback.
Why Shouldn't You Share COVID Vaccination Certificate Online?
In India, a COVID-19 vaccination certificate includes details such as beneficiary name, age, gender, vaccination date, last 4 digits of Aadhaar card, UHID and beneficiary reference ID— which if shared in public domain is more than enough for cyber criminals to carry out mischievous crimes.
Cyber expert and Internet researcher Sourajeet Majumder told The Quint that it can be used by fraudsters to defraud you or can be sold on the dark web for some quick money.
"Vaccination certificate is a piece of validation that the government gives on your vaccines and gradually this will become one's ticket to avail several services. Thus sharing your vaccination certificate on social media is definitely not the best practice," said Majumder.
If cybercriminals get hold of your COVID-19 vaccination certificate, they can:
Use the data to impersonate you
Create fake certificates and sell them online
Give your data to telemarketing and health insurance companies to advertise their products to you
Carry out targeted phishing attacks and blackmail you with the information they have
Sell your vaccination certificate on the dark web, breaching privacy
What Should You Do?
The best practice is to not share your COVID-19 vaccination certificates on any public domain.
"If you have already uploaded it on some public domain, you should take it down at the earliest and stay alert from scams and frauds which you might face," Majumder adds.
Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.