Cybercriminals Target Indians Sharing COVID Jab Certificate Online

Personal info from certificates are being used to hack into bank accounts and sold to telemarketing companies.

Tech and Auto
2 min read
Image used for representational purposes.

Cybercriminals have found new ways to target people online amid the raging COVID-19 pandemic in India. As netizens post vaccine certificates online, cybercriminals are using sensitive personal information from it to hack into bank accounts and sell data to telemarketing companies.

The Ministry of Home Affairs posted an advisory on Twitter warning users against posting their certificates. The government said in a tweet: “Beware of sharing #vaccination certificate on social media because the vaccine certificate contains your name and other personal details.”

Targeting Those Getting Vaccinated

Fraudsters ask people to register on fake websites dubbed as ‘Pradhanmantri Berozgar Bhatta Yojna’ through SMS, e-mail or other social media platforms on which victims are required to fill in sensitive details including their credit card information. The hackers then start clearing bank accounts based on the details provided by victims.

Another scam promises Rs 50,000 as a ‘coronavirus subsidy’ from the World Health Organization.

Scamsters have also started targeting people who have received the vaccine by calling them from +91 2250041117. Those who answer the call are asked to press 1 if they have been vaccinated, and if he/she does so, the phone ends up getting hacked.

Officials have clarified that these are fraud calls, and that 1921 is the only official number used by the Government of India for vaccine feedback.

Why Shouldn't You Share COVID Vaccination Certificate Online?

In India, a COVID-19 vaccination certificate includes details such as beneficiary name, age, gender, vaccination date, last 4 digits of Aadhaar card, UHID and beneficiary reference ID— which if shared in public domain is more than enough for cyber criminals to carry out mischievous crimes.

Cyber expert and Internet researcher Sourajeet Majumder told The Quint that it can be used by fraudsters to defraud you or can be sold on the dark web for some quick money.

"Vaccination certificate is a piece of validation that the government gives on your vaccines and gradually this will become one's ticket to avail several services. Thus sharing your vaccination certificate on social media is definitely not the best practice," said Majumder.

If cybercriminals get hold of your COVID-19 vaccination certificate, they can:

  • Use the data to impersonate you

  • Create fake certificates and sell them online

  • Give your data to telemarketing and health insurance companies to advertise their products to you

  • Carry out targeted phishing attacks and blackmail you with the information they have

  • Sell your vaccination certificate on the dark web, breaching privacy


What Should You Do?

The best practice is to not share your COVID-19 vaccination certificates on any public domain.

"If you have already uploaded it on some public domain, you should take it down at the earliest and stay alert from scams and frauds which you might face," Majumder adds.

(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)

Stay Updated

Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.

Join over 120,000 subscribers!