SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Surge in fake COVID-19 vaccine certificates on darknet following delta outbreak

Wed, 18th Aug 2021
FYI, this story is more than a year old

There has been a surge in the number of sellers advertising fake vaccination certificates, according to Check Point.

From March this year, Check Point Research saw a 257% increase in the number of sellers using Telegram to advertise fake vaccination cards to those "who do not want to take the vaccine". For as low as USD$100, anyone can pay with cryptocurrency to purchase fake CDC, NHS and EU Digital COVID-19 certificates, and more.

According to the research, group numbers on Telegram that advertise fake vaccination cards increased by 257%; CPR estimates over 2500 groups are currently active.

Group followership increased by 566%, as CPR now sees groups with 100,000 followers each on average, with some groups exceeding over 450,000 followers.

The price to purchase fake vaccination cards reduced by half, from $200 a pop in March to as low as $100.

The research also found the country range widened for fake vaccination cards, where USA, UK and Germany made the majority of advertisements in March. Today, sellers on the darknet advertise fake vaccination cards for all over the world, including USA, UK, Switzerland, Pakistan, Netherlands, Italy, Greece, Indonesia, France

Shift from Darknet to Telegram

In March, the majority of the fake coronavirus certificates were advertised on the dark net. Now, CPR sees the majority of black market activity centered around Telegram. CPR suspects the shift to Telegram has helped sellers scale their distribution efforts, reaching more consumers, faster.

"We've been studying the darknet and Telegram for coronavirus related services all year," says Oded Vanunu, head of products vulnerabilities research at Check Point.

"Right now, fake vaccination cards for almost all countries are now available for purchase. All you need to do is list the country you are from and what you want," he says.

"Vendors are choosing to advertise and do business on Telegram because it scales their distribution. Telegram is less technical to use compared to the dark net and can reach an inordinate amount of people, fast.

"We believe the broader market surge is fuelled by the rapidly spreading Delta variant and the stemming urgency for everyone to become vaccinated. In effect, there are people who don't want to take the vaccine, but still want the freedoms that come with proving vaccination."

Vanunu says these people are increasingly turning to the darknet and Telegram in scores.

"Since March, prices for fake vaccination cards have dropped by half and online groups for these fraudulent coronavirus services boast followings of hundreds of thousands of people," he says.

"I strongly recommend people to no engage these sellers for anything, as these vendors are after more than just selling you fake vaccination cards.

Awareness Tips:

  • Don't engage. The Darknet functions primarily as the black market of the Internet and is typically involved in transactions involving drugs, cyber-weapons, forgery and more. We recommend people not to engage with sellers publishing on such groups or marketplaces published in the Darknet.
  • Share securely. Every country should internally manage a central repository of tests and vaccinated people, which can and should securely be shared between relevant authorized only bodies within the country.
  • Use encryption. All 'green passes' and vaccination certificates should be managed and encrypted in a secured way by the relevant official bodies within each country and allow a QR code to be scanned and authenticate it.
  • Foster cooperation. Countries should cooperate to share info regarding such data and create a secured repository with encryption keys, to allow people to roam using legit only certifications and to be able to detect forged and fake ones.
Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X