As the COVID-19 vaccine rollout continues, many are turning to websites and other online tools to secure an appointment to get vaccinated, but not all of them may be legitimate and some could leave you vulnerable to scams.
Here's everything you need to know to avoid becoming a victim of fraud.
Watch TODAY All Day! Get the best news, information and inspiration from TODAY, all day long.
Look for warning signs
Since states, counties and medical centers are using different websites and systems to get people registered for vaccine appointments or to send alerts about vaccine availability, it can be hard to tell what's legal and what's not.
Nenette Day, an assistant special agent in charge with the U.S. Department of Health and Human Services, said that this has been a concern for her office. Government agencies have already investigated more than 96,000 potentially malicious coronavirus vaccine websites. Some ask for financial information, telling users that they need to pay to make an appointment.
But Day told TODAY Monday, "There is no legitimate process that requires you to pay for the vaccine or to pay for a spot in order to get the vaccine."
While signing up for a legitimate vaccine appointment does require you to input some personal information, like your birthdate and home address, Day said there are some things you should never need to enter.
"You should never be entering your credit card, that's the very first thing. You shouldn't be ever entering things like 'What's your mother's maiden name,' those types of security question information. And you shouldn't be giving your Social Security account number, either."
Day said that one of the biggest concerns is a social media scam that appears to come from someone you know.
"Here's how a scheme could go. I get a contact from a friend of mine, who I don't realize their account has been hacked. And this friend says, 'Hey, I was able to get a leftover vaccine. I just had to pay $200 to this guy. Contact him and give him your information,'" Day described. If you get an unsolicited message like that, Day recommends giving the friend a call and contacting them directly so that you can alert them that their account was hacked.
One rule of thumb is to never share your financial information in exchange for a vaccine appointment.
Examine for errors
When you are looking at websites, keep an eye out for misspellings or other inconsistencies, which can be a sign that a website isn't legitimate. Day highlighted one website that appeared to copy the website for Moderna, but had several typos, including in the brand name.
Check the web address for the site you're looking at. If it has a dot with two letters at the very end, like .me (the domain for the country of Montenegro), that may indicate it's a fraudulent site.
"We've already seen domains from other countries coming in, saying that they're registering people for vaccination appointments in the United States," Day said. "That's not true."
Check before clicking
Avoid clicking on links in text messages or emails, unless you have signed up with a site that specifically communicates with links. Day recommends going directly to the website itself.
Avoid any site that asks you to make an appointment for a medical exam. Day also mentioned a recent case in Connecticut where someone with no identification showed up at another person's home to "administer" a vaccine. If this happens to you, call your local authorities right away.
While there have been some cases of public agency representatives going door-to-door to give out shots, this type of scenario would be well-established and reported by your local media. It would not be occurring on a random basis.
NBC News also runs Plan Your Vaccine, a tool to help every American sign up for COVID-19 vaccine alerts and stay up to date on vaccine news.