IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Phishing emails target victims with fake vaccine passport offer

Scammers could steal victims’ personal information and never deliver the illegal goods, Fortinet warns

Cyber criminals are using offering fake vaccine passports as lures in phishing email scams, according to security researchers at Fortinet.

“Successfully enticing the general population to open a malicious email attachment with the promise of receiving an illegal product may be a first. It reflects how polarizing this issue is and why cyber criminals think that they can successfully exploit it,” Fortinet said.

The researchers discovered an email with an advertisement for a fake COVID vaccine passport that requests Bitcoin payment. The Bitcoin address had zero transactions, which means no one seems to have yet fallen for this scam. The researchers were also unsure if the criminals behind the email would ever send a fake vaccine passport, or if it was a regular phishing exercise or even both.

“What's clear is that scammers ask the target for personally identifiable information (PII) along with USD 149.95 worth of Bitcoin for a potentially double windfall,” said researchers.

Other attempts appeared more professional using the Center for Disease Control’s (CDC) address to appear legitimate.

“The link in this email did not lead to any official document but instead redirected the user to a legitimate server that had been compromised. While the link has been taken down, indicators suggest that this compromised server was used in a phishing attempt,” said researchers.

Researchers also found markets on the dark web offering fake vaccine passports, ranging from blank vaccine cards to verifiable passports that can be checked against legitimate vaccine databases worldwide. They found a single blank vaccination card for $5, but researchers again added there was no guarantee a purchaser would ever receive these documents after paying.

Researchers said the demand for fake vaccine passports seems to be growing due to the large population of people who resist taking or are unable to take the vaccine but want to avoid restrictions.

“Without missing a beat, email scammers and black-market criminals have acted on this demand,” said researchers. “Because these criminals use phishing techniques to socially engineer and lure victims into following steps laid out by the attacker, it is vital to address these challenges.”

Researchers recommended organizations conduct ongoing training designed to educate and inform personnel about the latest phishing/spear-phishing techniques and how to spot and respond to them.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

A new age of asset management
Active Directory

A new age of asset management

1 Jun 2022
Protecting healthcare from cybercrime
Whitepaper

Protecting healthcare from cybercrime

25 May 2022
The truth about cyber security training
Whitepaper

The truth about cyber security training

25 Apr 2022
The truth about cyber security training
Whitepaper

The truth about cyber security training

25 Apr 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022