Delta Variant Fuels Black Market for Fake Vaccination Certificates

29
Oded Vanunu, Head of Products Vulnerabilities Research at Check Point

From March, Check Point Research (CPR) sees a 257% jump in the number of sellers using Telegram to advertise fake vaccination cards to those “who do not want to take the vaccine”, as pressure to take the vaccine rises with the rapidly spreading Delta variant. For as low as $100, anyone can pay with cryptocurrency to purchase fake CDC, NHS and EU Digital COVID certificates, and more. 

·         Group number on Telegram that advertise fake vaccination cards increase by 257%, as CPR now estimates over 2500 groups are currently active

·    Group followership increases by 566%, as CPR now sees groups with 100,000 followers each on average, with some groups exceeding over 450,000 followers

·     Price to purchase fake vaccination cards cuts in half, from $200 a pop in  March to as low as $100 today 

·    Country range widens for fake vaccination cards, where USA, UK and Germany made the majority of advertisements in March. Today, sellers on the darknet advertise fake vaccination cards for all over the world, including USA, UK, Switzerland, Pakistan, Netherlands, Italy, Greece, Indonesia, France

Check Point Research (CPR) sees exponential growth in market activity for fake coronavirus vaccine certificates, primarily on Telegram. For as low as $100, advertisements promise the EU Digital COVID certificate, CDC and NHS COVID vaccination cards, alongside fake PCR COVID-19 tests to anyone willing to pay. Sellers are organizing their services in groups on Telegram, with some groups exceeding 450,000 followers, as sellers view Telegram as a far more efficient means to scale distribution. Vaccination certificates for almost every country are available for purchase. The majority of the fake certificates are being sold from European countries. 

In March 2021, CPR published a report that first detailed the trend of fake ‘vaccine passports’  being sold online across the darknet. Since then, CPR has continued to monitor the black market for activity around alleged coronavirus services. 

Advertisement Details

The advertisements are specifically designed for people “who do not want to take the vaccine”. One advertisement exampled displayed “we are here to save the world from this poisonous vaccine.” The advertisements highlight the ability to travel and work freely as benefits of their product. Advertisements purport that their vaccination cards are registered and verified in the NHS and CDC system online, as well as the EU database. 

Payment 

Sellers mostly accept payments through PayPal and cryptocurrency (Bitcoin, Monero, Dogecoin, Litecoin, Ethereum and others).  In some cases, Steam, Amazon and ebay gift-cards are accepted. 

Contact

Sellers list their method of contact as Telegram, WhatsApp, email, Wickr and Jabber.  

Shift from Darknet to Telegram

In March, the majority of the fake coronavirus certificates were advertised on the dark net. Now, CPR sees the majority of black market activity centered around Telegram. CPR suspects the shift to Telegram has helped sellers scale their distribution efforts, reaching more consumers, faster. 

Quote: Oded Vanunu, Head of Products Vulnerabilities Research at Check Point: 

“We’ve been studying the darknet and Telegram for coronavirus related services all year. Right now, fake vaccination cards for almost all countries are now available for purchase. All you need to do is list the country you are from and what you want. Vendors are choosing to advertise and do business on Telegram because it scales their distribution. Telegram is less technical to use compared to the dark net and can reach an inordinate amount of people, fast. We believe the broader market surge is fueled by the rapidly spreading Delta variant and the stemming urgency for everyone to become vaccinated. In effect, there are people who don’t want to take the vaccine, but still want the freedoms that come with proving vaccination. These people are increasingly turning to the darknet and Telegram in scores. Since March, prices for fake vaccination cards have dropped by half and online groups for these fraudulent coronavirus services boast followings of hundreds of thousands of people. I strongly recommend people to no engage these sellers for anything, as these vendors are after more than just selling you fake vaccination cards.” 

Awareness Tips:

1.       Don’t engage. The Darknet functions primarily as the black market of the Internet and is typically involved in transactions involving drugs, cyber-weapons, forgery and more. We recommend people not to engage with sellers publishing on such groups or marketplaces published in the Darknet.

  1. Share securely. Every country should internally manage a central repository of tests and vaccinated people, which can and should securely be shared between relevant authorized only bodies within the country.
  1.  Use encryption. All ‘green passes’ and vaccination certificates should be managed and encrypted in a secured way by the relevant official bodies within each country and allow a QR code to be scanned and authenticate it. 
  1. Foster cooperation. Countries should cooperate to share info regarding such data and create a secured repository with encryption keys, to allow people to roam using legit only certifications and to be able to detect forged and fake ones.