People who get one or two coronavirus shots receive some type of document or certificate confirming the vaccination. At some point, such proof may be required for certain types of international travel. But with only around 6% of the world’s population currently vaccinated, a lot of people are still unprotected, which means they might run into obstacles when trying to travel. And of course, that possibility opens up another area for cybercriminals to exploit.
SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic)
A report released Tuesday by threat intelligence firm Check Point Research explains how phony COVID-19 vaccine documents are selling on the Dark Web and how to avoid these fake documents.
To pave the way for safe tourism, air flights and border crossings, the European Commission has already proposed a vaccination certificate that citizens would use to prove they’ve been vaccinated, had a negative COVID-19 test or have recovered from the virus. Such a document would serve as a “passport” that would allow people to travel among different countries and attend public events.
For individuals who don’t have such a certificate or can’t wait for a vaccine, the Dark Web is becoming home to fake documents, according to Check Point’s analysis. One ad spotted in the online underground touted phony vaccine certificates selling for 10,000 rubles (around $135). Another ad, reportedly from the U.K., offered a fake vaccination card for $150 and bitcoin as the payment method.
One text message exchange between Check Point and a seller on the Dark Web revealed how this process works. Asked whether the phony certificate looks authentic, complete with a doctor’s signature, the seller offered assurances that they had done this many times and that other buyers had no issues. A potential buyer need only provide the name and date required on the certificate and pay the price tag of $200.
“You don’t have to worry…It’s our job….We have done this to many people and it’s all good,” the vendor told a Check Point researcher.
In yet another instance, a seller was hawking an “official” certificate from a clinic in Moscow for citizens of the Commonwealth of Independent States to help them cross the borders of Russia. A service pack for this document costs 8,000 rubles (around $105). The seller tells one potential buyer that “many people already passed (the borders) with it.”
Beyond touting fake vaccine certificates, Dark Web purveyors are selling negative COVID-19 test documents. Several sellers observed by Check Point were offering authentic-looking documents customized for each buyer for just $25 a pop. Available within just 30 minutes, the results are “discreetly” sent to each person’s email address.
To help individuals and countries avoid falling for these fake COVID-19 documents, Check Point offers the following suggestions:
- People should watch for certain authenticity indicators on documents, such as misspellings, errors, low-quality logos and mistakes in terminology (e.g. “corona disease” or “the covid epidemic”).
- Every country should internally manage a central repository of tests and vaccinated people, which can securely be shared among relevant authorized bodies within the country.
- All data of tests and vaccination population should be digitally signed with encrypted keys.
- Airports, border keepers and any official enforcement agent should be able to scan a QR or bar code (which is digitally signed – without this digital signature the code is highly exploitable) on the certificate. The code should link to a secured repository that can validate the authenticity of the paper and confirm whether the person got the vaccine or was actually tested for COVID and received a negative result.
- Going forward, countries should be able to share the digitally signed data to enable certificate holders to safety roam and cross borders. For example, Greece and Israel have already agreed to recognize each other’s vaccination certificates (also known as “green passports”).