While you may be elated that society is edging towards pre-pandemic times as vaccines have become widely available in most countries, you shouldn’t post your vaccine card online. Posting a picture of your COVID vaccine card on social media could lure attackers and phishers.
Vaccine cards make a great target for attackers because the white vaccination cards issued in the U.S. are too easy to fake and contain identifying information that an attacker could use to steal your identity. For instance, the card may include:
The FTC issued a statement warning people not to post their vaccine cards online, saying, “Some of you are celebrating your second COVID-19 vaccination with the giddy enthusiasm that’s usually reserved for weddings, new babies, and other life events. You’re posting a photo of your vaccination card on social media. Please — don’t do that! You could be inviting identity theft.”
While it is true that there is plenty of info available about you online already, posting your vaccine card puts it all in one place, making you easy prey for identity theft.
“For example, just by knowing your date and place of birth, scammers sometimes can guess most of the digits of your Social Security number. Once identity thieves have the pieces they need, they can use the information to open new accounts in your name, claim your tax refund for themselves, and engage in other identity theft,” the FTC explains.
You shouldn’t even post your card privately on social media, because once it’s out there you have less control. Plus, it could open the door for an attacker to phish more information from you by sending you an email, seemingly from your vaccination clinic. After all, they have your vaccine number, location, date and more just from the card.
Additionally, health records will likely become a growing target for hackers, as the value of a single health record could be worth thousands of dollars. Information on your vaccine card is protected under HIPPA, but by posting your vaccine card online you may void HIPPA protection.
If you’ve already posted it, you can still take it down, along with any other personal information you might have posted online. It might be a good idea to do a social media audit of your posts and privacy settings and your followers to make sure you know who is following you.
Scams surrounding COVID-19 have been on the rise for a while now, and we’ve noticed an increase in phishing attacks and domains attempting to spoof the CDC or other sites claiming to contain COVID-19 information. This is just the latest online threat for identity left. But in general, internet users need to understand the risks and know how to safely navigate the web.
In general, do not share personal details on social media. When it comes to websites, know how to safely navigate the web. Check sites for TLS/SSL certificates to ensure that your data is encrypted. View our blog on how to identify authorized sites to know how to distinguish authorized from unsecured sites. Finally, do not use personal information that you might share online, or is easy to guess, in your passwords.
It's definitely worth celebrating that things are reopening, but don’t put your identity at risk. Find other ways to celebrate. Instead, the FTC recommends taking a vaccine selfie with your band aid or vaccination sticker.