Malware, Identity Theft and Phishing Scams
The State Vaccination H1N1 Program Email Scam
Downloads malware to your computer!
You may have received an email like the one below that looks very authentic, like it came from State Vaccination H1N1 Program, or a phone call about the same subject. It is an attempt infect your computer with malware and to get you to enter confidential information (typically a social security number, name, address, bank account information, etc., to allow the scammers to steal your identity and open credit cards in your name.
This email was not sent by State Vaccination H1N1 Program; The CDC's State Vaccination H1N1 Program is a victim as well. This is referred to as "phishing" (when by email) or "vishing" (when by telephone). If you receive an email similar to the one below, DO NOT click on the link, and do not enter any information on the forms there.
The website that the link leads to is a spoof; a fake website, not created by State Vaccination H1N1 Program. It downloads malware, a malicious computer program.
The messages request that users must create a personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The message then states that anyone that has reached the age of 18 has to have his/her personal Vaccination Profile on the cdc.gov site.
The CDC has NOT implemented a state vaccination program requiring registration on www.cdc.gov . Users that click on the email are at risk of having malicious code installed on their system. CDC reminds users to take the following steps to reduce the risk of being a victim of a phishing attack:
- Do not follow unsolicited links and do not open or respond to unsolicited email messages.
- Use caution when visiting un-trusted websites.
- Use caution when entering personal information online.
Remember, no government agency would send you an email or a phone call requesting your personal account information. Any such email you receive asking for this information should be considered phony and brought to the attention of the business being 'phished'.
Anytime you need to go to a website for your bank, credit card companies or other personal, financial or confidential information; do not follow a link in an email; just type their address in your browser directly (such as www.State Vaccination H1N1 Program.com )
Below are actual phishing emails that started circulating in late 2009.
Example of the scam Swine Flu Vaccination email:
You have received this e-mail because of the launching of State Vaccination H1N1 Program.
You need to create your personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The Vaccination is not obligatory, but every person that has reached the age of 18 has to have his personal Vaccination Profile on the cdc.gov site. This profile has to be created both for the vaccinated people and the not-vaccinated ones. This profile is used for the registering system of vaccinated and not-vaccinated people.
Create your Personal H1N1 Vaccination Profile using the link:
create personal profile
Centers for Disease Control and Prevention (CDC) ' 1600 Clifton Rd ' Atlanta GA 30333 ' 800-CDC-INFO (800-232-4636)
Screen shot of the email:
Recommendations- What to do:
- Only open email or IM attachments that come from a trusted source and that are expected
- Use an anti-virus/anti-spam package (we recommend Norton 360 or Norton Internet Security scan all attachments prior to opening. Click here to see Norton 360 2013 on Amazon.com .
- Delete the messages without opening any attachments
- Do not click on links in emails that come from people you do not know and trust, even if it looks like it comes from a company you know.
- Keep your anti-virus software up to date
- Keep your operating system up to date with current security patches. Click here for an article that describes how to do this.
And please let us know about any suspicious calls or emails you receive. We look for patterns so that we can alert the authorities and victims to new scams, before it is too late!Do not open the attachment. Delete the email.
For more information about phishing, see