Images of fraudulent test message, left, and fraudulent website used in one of the phishing scams exploiting the COVID-19 pandemic to trick people into providing their personal information. Photos: NY State Dept, of State, Consumer Protection Division

State officials are warning residents of a text message phishing scheme targeting people attempting to validate vaccine status.

The phishing scheme aims to steal personal information by tricking the recipient of a fraudulent message into installing malicious software on a computer or mobile device or providing personal information that can be used to commit identity theft.

Scammers are exploiting mandatory vaccination policies in effect in some workplaces to try steal people’s personal and private information, the State Department of Health and the State Department of State’s Division of Consumer Protection warned in a press release Tuesday.

Using text messages, scammers are attempting to impersonate the NYS Department of Health and tell text message recipients they are required to enter their information to validate their vaccination status. The text messages link to fraudulent sites. Anyone who receives such a text message should delete it right away.

The purpose of these schemes is to trick people into providing personal information. They may try to steal an individual’s passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day. Entering any information could put anyone at risk of identity theft.

Officials offer the following advice:

  • Exercise caution with all communications you receive, including those that appear to be from a trusted entity. Inspect the sender’s information to confirm the message was generated from a legitimate source.
  • Keep an eye out for telltale signs of phishing – poor spelling or grammar, the use of threats, the URL does not match that of the legitimate site. If the message does not feel right, chances are it is not.
  • Don’t click on links embedded in an unsolicited message from an unverified source.
  • Don’t send any personal information via text. Legitimate government entities and businesses will not ask users to send sensitive personal information through text message.
  • Don’t post sensitive information online. The less information you post, the less data you make available to a cybercriminal for use in developing a potential attack or scams.

For more information on phishing scams, as well as steps to mitigate a phishing attempt, visit the NYS Office of Information Technology Services Phishing Awareness resources page at or the Division of Consumer Protection Phishing Scam Prevention Tips page at

For more consumer protection information, call the DCP Helpline at 800-697-1220, weekdays, from 8:30 a.m. to 4:30 p.m. or visit the DCP website at The Division of Consumer Protection at can also be reached via Twitter at @NYSConsumer or Facebook at

The survival of local journalism depends on your support.
We are a small family-owned operation. You rely on us to stay informed, and we depend on you to make our work possible. Just a few dollars can help us continue to bring this important service to our community.
Support RiverheadLOCAL today.