We received an email recently to the company’s general contact address from a sender posing as the Center for Disease Control.  The email stated that the reader needed to complete a person H1N1 Vaccination Profile on the CDC’s Web site, regardless of whether or not he or she has been vaccinated, because that profile would be used for a “registering system” of who had and had not been vaccinated.  A link that supposedly led to the CDC Web site where the reader could create his or her profile was included at the bottom of the page.

To a trained eye, it is clear that the email was a phishing scam.  Instead of the CDC Web site, the link actually led to online.cdc.gov.yhnbam.im - .IM is the ccTLD for Isle of Man, a small British Crown dependency located in the Irish Sea between the United Kingdom and Ireland.  The site had been set up to trick Internet users into disclosing personal and financial information, which the site owner then steals. 

I tried to follow the link to see just what kind of information the site was trying to obtain, but was instead greeted by a warning message that said, “This web site at online.cdc.gov.yhnbam.im has been reported as a web forgery and has been blocked based on your security preferences.” 

Phishing has been and remains a very serious and dangerous problem online.  What is truly despicable is how phishers exploit the public’s concern over issues in order to dupe them into handing over information.  H1N1 remains a very worrisome and serious issue, especially here in the U.S., for cybercriminals to take advantage of people’s distress or fear is abhorrently opportunistic.  

Be on the lookout if you receive this email.  The sender appears as the CDC with the address info@cdcmails.com, so it may seem legitimate at first, but it is indeed a scam.