Potential victims are sent a suspicious link in a text message from a contact called “BeCovidSafe”.
“Your digital version of Covid-19 Passport is available,” reads an example of the scam message.”
Federal government agency Scamwatch said anyone who receives this text should not open the link and just delete the message, due to a security threat.
The messages disguised as offering a digital passport are designed to steal personal information.
“As COVID-19 restrictions start to ease for vaccinated people in some parts of Australia, beware of scams relating to vaccine passports,” Scamwatch wrote on Twitter.
“These can look convincing but are a scam designed to steal your personal info.
“If you receive a message like this, just delete it.”
As #COVID19 restrictions start to ease for vaccinated people in some parts of Australia, beware of scams relating to vaccine passports. These can look convincing but are a #scam designed to steal your personal info. If you receive a message like this, just delete it! pic.twitter.com/xF82DRm6Zv
— Scamwatch_gov_au (@Scamwatch_gov) August 30, 2021
Vaccination passports are being discussed by state and federal governments as a possible measure for fully vaccinated Australians as they are granted more freedoms amid the ongoing Covid pandemic.
Vaccine 'passport' security concerns
The scam warning comes a week after concerns were raised about the future reliability of digital vaccination certificates.
A Sydney software engineer managed to create a fake vaccination certificate in 10 minutes, exposing a flaw in the Express Plus Medicare app.
At the moment, Australians can prove their Covid-19 vaccination status by showing their immunisation history statement using the MyGovID app or Express Plus Medicare.
This should not be anywhere near this easy to fool (I’m not vaccinated.. yet) pic.twitter.com/faTQws7XhX
— Richard Nelson (@wabzqem) August 18, 2021
"Since the vaccine digital certificate launched, it’s been niggling in the back of my mind that something like this should both be difficult to forge and easily verifiable," Software engineer Richard Nelson told Yahoo News Australia, adding when he had a "few minutes" to spare one night he gave it a go.
"I got my phone out to see what kinds of mitigations there were against something like this, simply because I was curious, and to my surprise there were none," he revealed.
"I was surprised it was as easy as it was, and thought maybe I had missed something on how these “certificates” are intended to be used."
Minister for Employment, Workforce, Skills, Small and Family Business Stuart Robert, said the government will continue to iteratively update the proof of vaccination certificates … including bolstering security measures.
Do you have a story tip? Email: firstname.lastname@example.org