Seriously, stop sharing your vaccination cards on social media

He argued that it would be difficult to cheat on him based on everything on the card: “What kind of scam are you going to do on me just by knowing my name and my birthday? Unless you sign up for free ice cream scoops on my birthday and don’t give it to me, in which case yes, that’s very serious. ”

But not only his birthday was mentioned. The card showed medically sensitive information, including his vaccine lot number, the location of the clinic, and the brand of the vaccination received. And for some people, the card contains even more.

As the Covid vaccine is rolled out to more people across the country, I’ve lost track of how many vaccine information cards I’ve seen on social networks and chat apps. While selfies are encouraged as a way of expressing joy at being vaccinated and showing that people are doing their part to help stop the spread of Covid-19, multiple government agencies have warned of the risks of posting it online of vaccine card images.

“Think of it this way: Identity theft works like a puzzle consisting of pieces of personal information. You don’t want to give identity thieves the pieces they need to complete the photo,” the Federal Trade Commission said in a blog post. last month. “Once identity thieves have the documents they need, they can use the information to open new accounts in your name, claim your tax refund for themselves, and engage in other identity thefts.”

Cyber security experts said they are unaware of widespread hacks or scams specific to vaccine cards, although the roots of identity theft are difficult to trace. But some also said these security threats are easy to implement.

For now, it’s mostly “speculation but plausible,” said Mark Ostrowski, chief of engineering at cybersecurity firm Check Point Software. “We will vaccinate hundreds of millions of people. If the history of cyber attacks repeats, these threat actors or scammers will try to find a way to take advantage of this situation.”

At the same time, there have been a number of Covid-19 scams, ranging from people posing as Covid-19 contact tracers to fake websites promising vaccination appointments.

Many of us (perhaps including my editor) may be impervious to the risks given the amount of information we assume is already available about us online – either because we posted it ourselves, it was collected from public data, or because it is dumped as part of a previous security breach. But Rachel Tobac, an ethical hacker specializing in social engineering, said one of the main concerns surrounding the vaccination chart trend is that the information is all visible and easily accessible in one place.

“Unfortunately, putting up a raw vaccination card makes it much easier for a criminal to target a specific person,” she said. In some cases, a person’s medical record number is on the card. “To access sensitive medical records over the phone, I only need the medical record number, last name and date of birth – all of which are on the vaccination card – to authenticate as that person and access sensitive details . “

A cyber criminal may attempt to impersonate you and your healthcare company to find out about your medical history or diagnoses, cancel upcoming procedures, change prescribed doses, and more.

With or without the medical record number, she said, vaccination cards could also allow a hacker to run a phishing program to steal data and passwords. With the batch number of the vaccine you received or the location of the place where you received the injection, they can forge the email address of that facility with a message such as remember you were urged to click on a link, supposedly to reschedule an updated dose, but actually meant to take information from you.

This doesn’t mean you should ignore every email you receive about your vaccine, but it’s a good reminder to be aware of links you click with an email on any topic and make sure that the sender is who he says he is.

People who are more out in the open, be they influencers, celebrities, or journalists like my editor, are more likely to do this because criminals are more likely to target them. Stealing their free ice cream scoops on their birthday would be just the start.

“There are all kinds of issues related to potential identity theft,” said Michela Menting, a research director specializing in cybersecurity at technology market consultancy ABI Research. “Individuals should be as wary of posting vaccine data as they are of posting their credit card numbers online.”

My editor claims he only posted his vaccination card online because it was privately shared with his followers, but security experts have long said that the people most likely to commit identity theft are friends and family.

That’s not to say people should curb celebrating the vaccine on social media all together. Safer options include cropping details on a map or opting for a selfie instead. Some vaccination sites hand out stickers, much like voters receive in election day. If you take a photo while wearing the sticker, you will get the same message without the security risk.

Source

Share this:

Related