How scammers are exploiting COVID-19 vaccines

Cybercriminals are setting up malicious domains and peddling phony drugs, all related to the new vaccines, says Bolster.

phony-coronavirus-vaccine-sixgill.jpg

Image: Sixgill

The rollout of vaccines for the coronavirus has been a much-needed piece of good news following the devastating effects of the pandemic in 2020. Scammers have also taken this opportunity to exploit the news for their own malicious purposes. A report published Thursday by fraud prevention company Bolster looks at the latest ways in which bad actors are capitalizing on the new vaccines.

SEE: Managing accounts payable operations during COVID-19 policy (TechRepublic Premium)

Suspicious vaccine-related domains

Online scams often start with a domain registration. Registering a domain is a tipoff that scammers are preparing digital content as a way to profit from criminal campaigns.

In its research, Bolster found that 12,490 domains containing either the word "vaccine" or both of the words "vaccine" and "COVID" were registered in 2020. Almost half (6,104 sites) are either malicious or suspicious, and all of them live and accessible on the internet, according to Bolster co-founder Shashi Prakash.

In some cases, the website content has not yet been activated. In other cases, the sites have email capability so cybercriminals can use them to distribute emails for phishing campaigns.

The actual vaccines may be relatively new, but this uptick in related registrations started in the first quarter of 2020 and then spiked in March when the World Health Organization declared the coronavirus outbreak a global pandemic.

Domains targeting vaccine manufacturers

So far, the FDA has approved two vaccines in the US--one created by Pfizer in partnership with BioNTech and a second from Moderna. With these developments, Bolster has discovered a slew of new domain registrations targeting all three drug makers. Many of these new registrations are likely to lead to typosquatting campaigns in which malicious actors spoof the real domain names.

Domain registrations that contain the names "Pfizer" and "BioNTech" increased slightly in March 2020 but then jumped during the fourth quarter of the year. Most of the domains mentioned Pfizer as it's the better known company of the two. Altogether, domain names referencing the two companies rose from just 13 in January 2020 to 343 in December 2020.

For Moderna, Bolster found 3,596 new domain registrations in 2020. The number grew in March but then soared in September as the company showed progress on its vaccine. New domain registrations with the name Moderna rose from 114 in January 2020 to around 550 in December.

Fake sites touting real vaccines

One site uncovered by Bolster sells the "World's First Consumer COVID-19 Vaccine" with free shipping! The vaccine being touted is called CoronaVac, a drug from Chinese life sciences company Sinovac. Though this vaccine has been approved by China for use with high-risk groups, it's still in phase three trials and not yet fully tested or officially available.

The CoronaVac vaccine may be real, but the site itself is not, according to Bolster. The domain is registered in Panama through a service that conceals the identity of the owner. The address and phone number of the company are shared by other businesses, including a waterless car wash service and a talent management agency. Further, the vaccine is being sold with free shipping. However, the drug must be refrigerated at a temperature of 35.6 to 46.4 degrees Fahrenheit to retain its effectiveness, which would be impossible without special shipping containers.

Fake vaccines

As states scramble to roll out the vaccine, many people remain uncertain as to where and when they can receive their shots. Cybercriminals naturally are taking advantage of this confusion. Beyond hawking phony vaccines, malicious actors are engaging in other types of scams, including the following:

  • Home kits to produce your own vaccine using raw ingredients.
  • Priority lists that allow you to jump to the head of the line.
  • Reselling "excess" vaccine inventory from an exclusive source.
  • Paid-for waitlists that allow you to bypass other people.
  • Alternative vaccines that work as well as the real vaccines.
  • Purchasing a spot from somebody who already has an appointment.
  • Spreading false data or news to try to convince people not to get vaccinated.

In response, Bolster advises people to get inoculations only from their primary care providers. Further, pharmaceutical companies should launch anti-fraud campaigns to foster trust in their products.

To protect organizations and individuals from these vaccine-related scams, Prakash offers the following suggestions:

  1. Don't buy vaccines over the internet. This is just not possible and is a clear scam.
  2. Only trust the government and health agencies for vaccine information. This immunization program is run by the government, which is defining the rules to make the distribution fair and equitable. 
  3. Contact your local health organization to get up-to-date information on vaccinations in your area.
  4. Be patient. Immunizations just started, and there is a lot of chaos and confusion. Give the process time to work out the kinks.

Also see