Man holding a vaccination card

It’s Great That You’re Vaccinated, But Please Don’t Do This!


As I’m writing this, there is a national debate going on. The question of the day is vaccine mandates—some want them, others are against them.

In locations throughout the USA, governments require citizens to show proof that they received the COVID-19 vaccine to attend restaurants, bars, nightclubs, and other public places. As a result, the country is in turmoil.

Proof that you’ve received the vaccine can come from your vaccine card or approved phone apps with vax details and confirmation—and, therein, lies the problem. The following scenario explains.

Scenario: How A Social Media Post Spawned A Nightmare

Zachary has been holding off getting the COVID vaccine because he wasn’t sure about the side effects. Contradictory information online and in the news made him apprehensive. He didn’t know what to believe. So, he decided not to take the vaccine until he was sure.

Then the government mandates started. Zachary soon found that he wasn’t allowed into his favorite restaurant or go to his gym. After being locked down for so long, he needed to get out.

So, Zachary gave in and got vaccinated. He jumped for joy when he got his fully completed vax card. Now he can get on with his life!  

Zachary wanted to share his excitement with his friends on social media. So, he snapped a selfie holding up his vaccine card at his favorite restaurant while with friends. But, hey, no big deal, the card didn’t contain much information, just his name, date of birth, and the vaccine details. So, he posted it publicly.

Later, Zachary found that his state government was pushing a mobile app. Now, he wouldn’t even need to carry his vax card—sweet! Zachary signed up for the app that day.

A week later, Zachary received a call regarding his app registration. The caller said they needed to verify his social security number and some missing personal information. He didn’t think much of it since the caller already knew all of the data he entered when signing up. Just a few more details, that’s all. Zachary willingly obliged.

Three months later, Zachary started to get a deluge of mail regarding unpaid credit cards, new bank accounts, and even a new personal loan he didn’t own. Finally, he thought, “what’s going on?”

Zachary’s identity was stolen! It would take him years, thousands of dollars and a lot of aggravation to clear his name.

Did You Spot The Red Flags?

  • Zachary posted a picture of his vax card on social media, showing his full name, date of birth, and vaccine details.
  • Then, Zachary signed up for a popular mobile vaccine app, giving more detailed information about himself. But, unfortunately, he failed to vet the app before signing up.

What Went Wrong?

Hackers were alerted to a possible payday the minute Zachary publicly posted a picture of his vax card on social media.

Zachary didn’t know that the mobile app database wasn’t properly secured and was exposed to the public on the internet because of one wrong setting. It was quickly found by cybercriminals, who posted the data for sale on the Dark Web.

Now, as I’ve said before, cybercriminals are innovative and highly tech-savvy. So it was simple for the scammer who purchased the app’s database to cross-reference the data to find Zachary’s details, especially since he was kind enough to post a picture of his vax card on social media.

Using what he already knew, the scammer called on the phone, posing as the app’s representative, and convinced Zachary he was legitimate. Zachary then gave the scammer even more personal details.

Having all of the pieces necessary, the scammer then stole Zachary’s identity and opened credit cards, bank accounts and even applied and received a loan—all in Zachary’s name.


Social media sites are great for sharing information with friends and family but watch what you post. At the very least, keep posts private, so only those in your circle can see them. But be aware that hackers may still be able to get your information because—well, they’re hackers—it’s what they do!

Although it may not seem like much, a post containing your details, such as your name and date of birth, can be a goldmine for a cybercriminal. This information could be used for spear phishing attacks and identity theft—which in this case, is precisely what happened.

XSolutions is an IT Services Provider serving New York (NY), New Jersey (NJ), and Connecticut (CT). We provide Managed IT Services | Managed IT Security | Backup & Disaster Recovery| Cloud Data Protection. Call (845) 362-9675 for a free consultation.