The messages, which appear to come from official government email addresses, use the Health Ministry COVID-19 vaccine center registration as a hook for the fraudulent schemes.
The ministry posted an example of one of the scam messages on its Twitter page, featuring the address “[email protected],” and issued a warning against being duped by it.
“The Ministry of Health is warning everyone against responding to phishing messages and wishes to clarify that these messages are not being sent by the ministry or any of its official programs,” said the tweet.
With many individuals desperate to be vaccinated as soon as possible amid growing alarm over the more infectious strain of COVID-19, cybercriminals are taking advantage of the situation to sell fake vaccines on the dark web.
An email from ‘minister.com’ is not authentic, but an email from ‘moh.gov.sa’ is.
Waleed Al-Tamimi, Cybersecurity expert
None of the currently available vaccines is available on the market yet. No prices have been set, and the vaccines are available only in government hospitals in the Kingdom.
In addition, the manufacturers, which include Shingrix, Moderna, and Pfizer/BioNtech, are only selling the vaccines to governments, meaning that even private hospitals are still unable to offer vaccinations.
Saudi cybersecurity expert Waleed Al-Tamimi urged people to be cautious with their private data.
“Cybercriminals are getting cleverer by the day,” he told Arab News.
• People should remember that none of the currently available vaccines is available on the market yet.
• No prices have been set, and the vaccines are available only in government hospitals in the Kingdom.
• Vaccine manufacturers are only selling the vaccines to governments.
“Anyone seeing a message like this will probably just skim over the address when they see something close to the actual government URL, which is exactly what the criminals want. That way, they can access the most sensitive information you can provide, such as your ID number, date of birth and so on,” he said.
Al-Tamimi said that with access to ID numbers and other private information, cybercriminals could disrupt people’s lives in more ways than they might think.
“Typically, these scam websites feature forms that will ask for your email address, ID number and phone number, and that look eerily similar to official government forms. With all of those in their possession, it’s a quick jump to your bank accounts, your email inbox, your Absher account and more,” he said.
For protection, Al-Tamimi recommends frequently changing passwords, enabling two-factor authentication whenever possible, and checking emails thoroughly for proof of authenticity.
“Always check the host website of an email in question. An email from ‘minister.com’ is not authentic, but an email from ‘moh.gov.sa’ is. Also, regarding the COVID-19 vaccine, text messages concerning the vaccine centers will come from ‘Sehaty,’ which is the only verified and safe way to register for the vaccine right now,” he said.