IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Phishing emails target victims with fake vaccine passport offer

Scammers could steal victims’ personal information and never deliver the illegal goods, Fortinet warns

Cyber criminals are using offering fake vaccine passports as lures in phishing email scams, according to security researchers at Fortinet.

“Successfully enticing the general population to open a malicious email attachment with the promise of receiving an illegal product may be a first. It reflects how polarizing this issue is and why cyber criminals think that they can successfully exploit it,” Fortinet said.

The researchers discovered an email with an advertisement for a fake COVID vaccine passport that requests Bitcoin payment. The Bitcoin address had zero transactions, which means no one seems to have yet fallen for this scam. The researchers were also unsure if the criminals behind the email would ever send a fake vaccine passport, or if it was a regular phishing exercise or even both.

“What's clear is that scammers ask the target for personally identifiable information (PII) along with USD 149.95 worth of Bitcoin for a potentially double windfall,” said researchers.

Other attempts appeared more professional using the Center for Disease Control’s (CDC) address to appear legitimate.

“The link in this email did not lead to any official document but instead redirected the user to a legitimate server that had been compromised. While the link has been taken down, indicators suggest that this compromised server was used in a phishing attempt,” said researchers.

Researchers also found markets on the dark web offering fake vaccine passports, ranging from blank vaccine cards to verifiable passports that can be checked against legitimate vaccine databases worldwide. They found a single blank vaccination card for $5, but researchers again added there was no guarantee a purchaser would ever receive these documents after paying.

Researchers said the demand for fake vaccine passports seems to be growing due to the large population of people who resist taking or are unable to take the vaccine but want to avoid restrictions.

“Without missing a beat, email scammers and black-market criminals have acted on this demand,” said researchers. “Because these criminals use phishing techniques to socially engineer and lure victims into following steps laid out by the attacker, it is vital to address these challenges.”

Researchers recommended organizations conduct ongoing training designed to educate and inform personnel about the latest phishing/spear-phishing techniques and how to spot and respond to them.

Featured Resources

What 2023 will mean for the industry

What do most IT decision makers really think will be the important trends and challenges in the coming year?

Free Download

2022 Magic quadrant for Security Information and Event Management (SIEM)

SIEM is evolving into a security platform with multiple features and deployment models

Free Download

IDC MarketScape: Worldwide unified endpoint management services

2022 vendor assessment

Free Download

Magic quadrant for application performance monitoring and observability

Enabling continuous updating of diverse & dynamic application environments

View Now

Recommended

Uber says compromised third-party to blame for data breach
data breaches

Uber says compromised third-party to blame for data breach

13 Dec 2022
Microsoft: Russia increasingly timing cyber attacks with missile strikes in Ukraine
cyber warfare

Microsoft: Russia increasingly timing cyber attacks with missile strikes in Ukraine

5 Dec 2022
Major security exploits expected to rise before New Year
vulnerability

Major security exploits expected to rise before New Year

1 Nov 2022
Five common data security pitfalls
Whitepaper

Five common data security pitfalls

21 Oct 2022

Most Popular

Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023
GTA V vulnerability exposes PC users to partial remote code execution attacks
vulnerability

GTA V vulnerability exposes PC users to partial remote code execution attacks

23 Jan 2023
European partners expect growth this year, here are three ways they will achieve it
Sponsored

European partners expect growth this year, here are three ways they will achieve it

17 Jan 2023