Covid Con: Vaccine Scams

Australia COVID Vaccine Roll Out: Officially Under Way

It’s official: the covid vaccine has hit the shores of Australia. Over 142,000 doses of Pfizer’s coronavirus vaccine arrived in Australia last Monday, followed by provisional approval for the AZ vaccine (AstraZeneca) the day after.

The covid vaccine is completely free of charge. There is no need to register to be vaccinated, and no way to obtain a vaccine faster.

It is however advised to link your Medicare service to your MyGov account (if you haven’t done so already) and ensure your personal details are up to date.

High priority groups (such as aged care & disability workers and frontline healthcare workers) will receive the vaccine first. The rollout of vaccines in Australia will be administered according to the Department of Health’s distribution plan.

COVID Cons: “Wait-list for Vaccines”

Image Source: @NSW Health (Twitter)

With the arrival of COVID-19 vaccines, there have also come warnings of COVID-19 vaccine scams– which have been doing the rounds in the UK and US (as they received vaccines several months before Australia). Earlier reports of COVID vaccine-related scams date back to early Q1 2020: months before the first vaccine even received approval for administration.

Most reports of these scams are claiming to offer the Pfizer vaccine: Australia has agreements with four different COVID-19 vaccine suppliers (in addition to AstraZeneca, Australia also has agreements with Novavax and the COVAX Facility).

Currently, scammers are reaching out via calls, text messages and emails to notify recipients of an opportunity to join a priority wait list or secure an ‘early vaccine appointment’ for an upfront fee.

A fake email appearing to be sent by the NHS Test and Trace (Image source: BBC)

Other related COVID-related scams include selling CBD oil to “boost” your immune system (piggybacking off fake news) and investment scams (‘vaccine bonds’).

Senders of these messages often claim to be acting on behalf of government agencies and health organisations such as the United States Centers for Disease Control and Prevention (CDC), the World Health Organisation (WHO), as well as the UK’s National Health Service (NHS).

Fake email claiming to be from the CDC (Image Source: welivesecurity by ESET)

These phishing emails are have become increasingly convincing over the years: adopting a visually consistent style with those used by the organisations they’re attempting to impersonate.

Most of the scams involve sending a link to a phishing site, which may also replicate the actual websites of government agencies and medical/health organisations. These sites then obtain personally identifiable information and payment to secure a spot in the ‘priority wait list’.

Fake text message (with a tell-tale spelling mistake of course), which leads users to a phishing site (Image Source: BBC)

Scammers in Florida have even claimed to offer ‘in-home vaccines’ for seniors, requesting Medicare card information to schedule the appointment. It comes as no surprise that elderly groups are being targeted due to their susceptibility and lack of awareness regarding phishing methods.

The Australian government has launched a multi-million dollar advertising campaign to inform the public about the vaccine rollout (and to warn against misinformation and scams). The ACCC have also been warning the public of COVID-related scams since early last year.

As vaccines have only just begun rolling out this week in Australia, these scams are likely to grow in both volume and sophistication – to take full advantage of the climate of fear surrounding the global pandemic.

Scams: How to Spot One

Below are more general tips for spotting scam emails (and not specific to COVID scams).

Scamwatch’s Visual Guide to Spotting a Scam Email. (Image Source:

Poor spelling and grammar have long been hallmarks in the ‘red flags’ of phishing emails, but of course, these are easily avoided these days with a spell-checker or writing tool (like Grammarly). Many claim that these spelling and grammatical mistakes are in fact intentional: targeting the most gullible of victims.

Scam emails have also typically been sent using email addresses that appear less than authentic: with strange/unfamiliar website domains with additional hyphens. However, more sophisticated scammers will use email spoofing to give the appearance of the scam email being sent from a legitimate email address (with a domain, for instance).

The same dodgy website/domain characteristics may also appear for links contained in these scam emails: however, this can also be made to lead to a different URL than the text may suggest (exhibit A: to phish for personal info.

They’ll often include language or keywords to induce a sense of urgency (‘URGENT’, ‘IMPORTANT’ or ‘REQUIRES IMMEDIATE ATTENTION’) as well as specifying a deadline for a response (‘____ immediately or your account will be suspended within X hours’).

Always approach your inbox with a healthy dose of scepticism (Image Source: Freepik)

The best way to stay vigilant against scammers is to be wary of virtually ALL emails that you receive. Always scan through the email and look for anything that may appear suspicious, and try to look up whether similar emails have appeared in examples of scams.

Most people who fell victim to a vaccine scam, for instance, may have neglected to question the validity of such an offer in the first place.

As vaccines are distributed by government agencies and not private companies, the whole idea of ‘paying to be put on a priority wait-list’ should already sound suspicious for most people.

Most government agencies these days will try to publish publicly available information to disseminate up-to-date information regarding new scams as soon as they appear. Freely available information can be found on government sites regarding how and when vaccinations are being distributed.

The temporary banning of Australian media and government sites and pages from Facebook last week (in response to the Media Bargaining Code) has also made things more problematic, given the timing of news regarding the newly arrived vaccinations.

On a related note, the ban will be lifted within the next few days and Australian news will return soon.

Main Takeaways

  1. The bottom line is to only trust the word of public health authorities – most prevalent being the Australian Government Department of Health
  2. Pay close attention and look for red flags in all communication you receive before clicking any included links
  3. Subscribe to Scamwatch’s alert emails to receive updates for new and emerging scams
  4. Following the ACCC, Scamwatch or other reliable sources of information regarding scams/cyber threats on social media (Facebook, Twitter, Instagram) to stay up-to-date

If you or someone you know has fallen victim to a scam (or received some form of communication that may be a scam), report it on the Scamwatch website here.

I started writing this article last weekend but have been busy with other commitments (Uni just started).

I’ll make a solid effort to publish another article before the end of this week.


Published by Tech Neck Nick

I'm a cybersecurity major postgrad student from Sydney, Australia. Support my fight against Writer's Block.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: