It seems that people have been receiving emails claiming to be from the Centers for Disease Control and Prevention requesting that recipients complete a "Personal H1N1 Vaccination Profile" at cdc.gov for the CDC Sponsored State Vaccination Program for H1N1. Of course, there's no such thing.
The CDC writes on its website under the Health Related Hoaxes and Rumors section:
"The CDC has NOT implemented a state vaccination program requiring registration on www.cdc.gov. Users that click on the email are at risk of having malicious code installed on their system."The email security experts at Red Condor explain how the scam works: When users click on the embedded "Create Personal Profile" link in the email, they are sent to a page that to all intents and purposes looks like the real thing, with a CDC-branded header and footer, including the Department of Health and Human Services logo. From there, visitors are asked to download an "electronic document, which contains your name, your contact details and your medical data." The file is actually an executable that contains a Trojan virus identified as W32/Vacc.A!tr.
Unfortunately, since this is a relatively new phishing scam, it is not being detected by most antivirus programs, "so it is important that people simply delete these messages and notify their IT administrators of the threat," Red Condor says.
The CDC also suggests users to take the following steps to reduce their risk of being victimized by a phishing attack:
- Do not follow unsolicited links and do not open or respond to unsolicited email messages.
- Use caution when visiting untrusted websites.
- Use caution when entering personal information online.
There's no better place to get information about seasonal and pandemic influenza and their vaccines than the real CDC website and other health department sites such as Flu.gov. Here's hoping that this phishing scam won't deter anyone from visiting the legitimate sites.