In one of our previous blogs about COVID-19 we covered how cybercriminals have devised multiple ways to abuse an individual’s sensitive medical data and offer services such as fake COVID-19 Vaccination Certificates / Passports on cybercrime forums and dark web markets.
With COVID-19 as the threat vector, cybercriminals are devising newer ways to defraud people. The recent spike in COVID-19 cases globally, and especially in South Asia, has generated a situation marked by the lack of medical resources, and the shortage of the life-saving Remdesivir injection has left families of critical Covid positive patients in distress. Along with the unprecedented growth in COVID-19 cases, there has also been an acute shortage of vaccines. A few markets on the darkweb are using these situations as an opportunity to defraud people by encouraging unsuspecting individuals to pay sellers in currencies such as Bitcoin in exchange for vaccines from these marketplaces.
After finding out about these services, the Research Unit at Cyble decided to further investigate these frauds.
The image below is a screenshot from one of the sites on the darkweb offering solutions for COVID-19 vaccination.
The website also provides an option to Connect on Telegram. In the interest of gathering more information, Cyble researchers connected with them on Telegram.
After exchanging pleasantries, the seller asked us for the number of vaccines required and told us that the vaccines, including Remdesivir, can be shipped in a day’s time from the seller’s location, in this case, from Europe.
The threat actor also assured us that the shipment will arrive overnight to India.
We were told that the price for two doses of a vaccine is USD 1,000, and USD 100 is the price for Remdesivir.
As part of showcasing proof, the threat actor sent us faked COVID-19 Vaccination certificates claiming that it had been sent to one of his/her clients in Germany for the price of 130 Euros.
Possessing a vaccination passport allows citizens to avoid going into self-isolation. This certificate also serves as the negative COVID report required when traveling to other countries, which grants holders the license to avoid quarantine upon arrival at the destination. This means the holder will be able to access public areas and attend social events and activities as if they were actually vaccinated.
As part of our research, we enquired about Vaccines being sent to India at this point of time. We sent the threat actor a fake identity – Chetan Mishra from Noida for the Name and Address.
We were also showed the alleged proof (invoice) that would be shared with their vendor for dispatching the products.
The threat actor then confirmed that the package will be shipped within 24 hrs.
This is a well-devised scheme being carried out by tricksters taking advantage of the complications caused by the pandemic. These vaccines are never shipped, and the threat actors end up siphoning funds from innocent people.
We advise people to refrain from engaging with any such sources selling COVID-19 vaccines before gauging their authenticity.
Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com.