To slow the spread of COVID-19 variants, residents of British Columbia must now show their provincial vaccine card to prove their vaccination status before accessing non-essential events, services, and businesses.
This month, Prime Minister Trudeau also announced that a federal vaccine passport will soon come into effect. Once again, cyber criminals are capitalizing on current events with offers of fake vaccine passports. But it’s a “deal” that might cost you much more than the advertised sticker price.
Cyber crooks are known to take advantage in times of crisis. At the start of the pandemic, they were offering fake cures and personal protective gear, luring unwary consumers into giving them money and sensitive personal information. The same is now true for counterfeit vaccine passports offered for sale through unsolicited communications and the dark web.
Sellers are offering phoney proof-of-vaccination documents and stolen QR codes for multiple provinces that apparently look just like the real thing. Some even claim to be able to stand up to a check against legitimate government databases.
The stakes and risks for would-be purchasers are high. These criminals aim to direct you to illicit and nefarious marketplaces, where clicking on a link could put your device at risk, exposing it to malware or worse.
At Fortinet’s FortiGuard Labs, we have already begun to see an increase in schemes and attempts on the dark web, to lure people with offers of fake vaccination documents, targeting different regions in different languages. These schemes include unsolicited spam emails and more sophisticated spoof emails that appear to come from reliable sources. As expected, a wide range of products and services are available for varied prices. A single blank vaccination card can come in as low as $5.00, while ones promising to link to official databases can cost hundreds more.
These types of scams are designed to entice consumers to play right into the cyber criminal’s hands. That could be soliciting the personal data needed to steal your identity or tricking you into opening malicious attachments or links. Those clicks can download malware to your device, compromising your data or opening the door to ransomware, where these bad actors take control of your device and extort money to restore it.
Because these attackers use sophisticated phishing techniques to lure victims in, consumers must be vigilant. It’s important to always treat unsolicited emails with caution, especially ones with links and “too good to be true” offers.
To help identify these opportunistic scams, consumers should watch out for emails with urgent messages that suggest negative consequences unless the target performs a specific action. Before opening any attachment or clicking a link, take time to examine it carefully. Dead giveaways include spelling and grammatical errors, as well as inconsistencies within the domain name or email address. If you do click on a link, don’t share any personal information, such as your birthdate, health card number, or passwords to your banking site.
It’s equally important for organizations to protect themselves as they can become vulnerable to these attacks through their employees. By conducting ongoing training designed to educate and inform personnel about the latest phishing techniques and how to spot and respond to them, businesses can mitigate this risk.
The accelerated growth of these scams isn’t a surprise to those in the security business. But they are evidence of just how polarizing the issue of vaccine passports is – and that’s exactly what cyber criminals are exploiting for their own benefit. These opportunistic scams can quickly spiral out of control, and consumers would do well to steer clear.
Derek Manky is Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs.
Leave a Reply