Phishing emails target victims with fake vaccine passport offer
Scammers could steal victims’ personal information and never deliver the illegal goods, Fortinet warns
“Successfully enticing the general population to open a malicious email attachment with the promise of receiving an illegal product may be a first. It reflects how polarizing this issue is and why cyber criminals think that they can successfully exploit it,” Fortinet said.
The researchers discovered an email with an advertisement for a fake COVID vaccine passport that requests Bitcoin payment. The Bitcoin address had zero transactions, which means no one seems to have yet fallen for this scam. The researchers were also unsure if the criminals behind the email would ever send a fake vaccine passport, or if it was a regular phishing exercise or even both.
“What's clear is that scammers ask the target for personally identifiable information (PII) along with USD 149.95 worth of Bitcoin for a potentially double windfall,” said researchers.
Other attempts appeared more professional using the Center for Disease Control’s (CDC) address to appear legitimate.
“The link in this email did not lead to any official document but instead redirected the user to a legitimate server that had been compromised. While the link has been taken down, indicators suggest that this compromised server was used in a phishing attempt,” said researchers.
Researchers also found markets on the dark web offering fake vaccine passports, ranging from blank vaccine cards to verifiable passports that can be checked against legitimate vaccine databases worldwide. They found a single blank vaccination card for $5, but researchers again added there was no guarantee a purchaser would ever receive these documents after paying.
Researchers said the demand for fake vaccine passports seems to be growing due to the large population of people who resist taking or are unable to take the vaccine but want to avoid restrictions.
“Without missing a beat, email scammers and black-market criminals have acted on this demand,” said researchers. “Because these criminals use phishing techniques to socially engineer and lure victims into following steps laid out by the attacker, it is vital to address these challenges.”
Next-generation time series: Forecasting for the real world, not the ideal world
Solve time series problems with AIFree download
The future of productivity
Driving your business forward with Microsoft Office 365Free download
How to plan for endpoint security against ever-evolving cyber threats
Safeguard your devices, data, and reputationFree download
A quantitative comparison of UPS monitoring and servicing approaches across edge environments
Effective UPS fleet managementFree download