Phishing emails target victims with fake vaccine passport offer
Scammers could steal victims’ personal information and never deliver the illegal goods, Fortinet warns
“Successfully enticing the general population to open a malicious email attachment with the promise of receiving an illegal product may be a first. It reflects how polarizing this issue is and why cyber criminals think that they can successfully exploit it,” Fortinet said.
The researchers discovered an email with an advertisement for a fake COVID vaccine passport that requests Bitcoin payment. The Bitcoin address had zero transactions, which means no one seems to have yet fallen for this scam. The researchers were also unsure if the criminals behind the email would ever send a fake vaccine passport, or if it was a regular phishing exercise or even both.
“What's clear is that scammers ask the target for personally identifiable information (PII) along with USD 149.95 worth of Bitcoin for a potentially double windfall,” said researchers.
Other attempts appeared more professional using the Center for Disease Control’s (CDC) address to appear legitimate.
“The link in this email did not lead to any official document but instead redirected the user to a legitimate server that had been compromised. While the link has been taken down, indicators suggest that this compromised server was used in a phishing attempt,” said researchers.
Researchers also found markets on the dark web offering fake vaccine passports, ranging from blank vaccine cards to verifiable passports that can be checked against legitimate vaccine databases worldwide. They found a single blank vaccination card for $5, but researchers again added there was no guarantee a purchaser would ever receive these documents after paying.
Researchers said the demand for fake vaccine passports seems to be growing due to the large population of people who resist taking or are unable to take the vaccine but want to avoid restrictions.
“Without missing a beat, email scammers and black-market criminals have acted on this demand,” said researchers. “Because these criminals use phishing techniques to socially engineer and lure victims into following steps laid out by the attacker, it is vital to address these challenges.”
What 2023 will mean for the industry
What do most IT decision makers really think will be the important trends and challenges in the coming year?Free Download
2022 Magic quadrant for Security Information and Event Management (SIEM)
SIEM is evolving into a security platform with multiple features and deployment modelsFree Download
IDC MarketScape: Worldwide unified endpoint management services
2022 vendor assessmentFree Download
Magic quadrant for application performance monitoring and observability
Enabling continuous updating of diverse & dynamic application environmentsView Now