Nearly two years into the battle against COVID-19 over 3 billion people around the globe and over 15 million in South Africa are now fully vaccinated.
“As governments continue their efforts to stop the spread of COVID-19 and encourage vaccination, the scene has been set for phishing scams targeting those who are unwilling to get vaccinated, but who still want the benefits available to those who have been vaccinated”, says Doros Hadjizenonos, Regional Sales Manager at Fortinet.
Vaccination cards and passes are increasingly being required to give people access to travel, events and even to their workplaces globally. South Africa, in the early stages of rolling out a vaccine passport, is considering making the digital certificate mandatory for access to venues and events. Local businesses and banks are also offering incentives and prizes to people who hold these certificates.
“Because of this trend, opportunistic cybercriminals have begun selling counterfeit vaccine passports on the black market. While this is not necessarily new, unlike other criminal activities, this strategy is going mainstream around the world”, says Hadjizenonos.
Demand for fake vaccination cards appears to be on the rise in South Africa, with several reports noting incidents in which people request fake vaccination cards in order to be able to travel, and even cases in which pharmacy staff have been caught issuing fake vaccine cards.
“With growing demand and an emerging black market, FortiGuard Labs has now begun to encounter offers of fake vaccine passports as lures in email scams. Successfully enticing the general population to open a malicious email attachment with the promise of receiving an illegal product may be a first, and reflects how polarising this issue is and why cybercriminals think that they can successfully exploit it,” Hadjizenonos says.
FortiGuard Labs recently observed one email spam that advertises a fake Covid vaccine passport and asks the target for personally identifiable information (PII) along with $149.95 worth of Bitcoin for a potentially double windfall.
FortiGuard Labs has also found various markets on the dark web offering fake vaccine passports. As expected, a wide range of products and services are available, from blank vaccine cards to verifiable passports that can be checked against legitimate vaccine databases worldwide.
A single blank vaccination card can be found for as low as $5.00, while buying in bulk may increase a buyer’s savings. Of course, there is no guarantee that a purchaser will ever actually receive these documents.
Because the market is being flooded with opportunistic counterfeiters, some sellers have begun offering sales and discounts. Others provide an escrow service in an attempt to protect the buyer and the seller.
FortiGuard Labs recommends practicing due diligence when receiving emails and keeping an eye out for these types of scams. Organisations are also strongly encouraged to conduct ongoing training designed to educate and inform personnel about the latest phishing/spearphishing techniques and how to spot and respond to them.
This should include encouraging employees to never open attachments from someone they don’t know and to always treat emails from unrecognised/untrusted senders with caution.