Scammers are offering a new counterfeit product in the run up to Christmas – fake Covid-19 vaccines.
With prices ranging between a few hundred dollars in bitcoins, the products include drugs claiming to be the vaccine along with chloroquine phosphate, which was touted as a potential cure or preventative against Covid-19.
“As the vaccine gets rolled out, I think it’s logical to assume that people will seek a variety of different ways to get hold of the vaccine first,” said Head of Products Vulnerabilities Research for Check Point Oded Vanunu.
“One of those ways is via the dark net. We are already seeing a number of vendors advertising the opportunity to buy the coronavirus vaccine on the dark net.”
Since the vendors accept bitcoin, purchases are untraceable and the reliability and quality of their offerings are unverifiable. One vendor claimed that they had received their stock of vaccine from a leading pharmaceutical company.
Researchers from Check Point contacted a vendor and received an offer for an unspecified Covid-19 vaccine. The seller claimed that 14 doses were needed per person, in contradiction of official advice that most coronavirus vaccines need two shots per person, administered three weeks apart.
The seller did not claim they had limited stock, only asking the Check Point researchers indicate how many they would need.
In addition, hydroxychloroquine is being sold online for as little as $10 with erroneous claims that it can be used to treat coronavirus.
Numerous sources, including US President Donald Trump and Brazilian President Jair Bolsonaro repeated claims about the use chloroquine in the fight against Covid-19, despite being contradicted by health experts.
Check Point also recorded a surge in new web domains containing the word vaccine. Since November, over 1000 new domains were registered, with around 40% of these also contain the words Covid or corona.
The researchers also found a similar rise in phishing attacks using vaccine-related content as bait. These attacks include malicious links and software that are activated if the victim clicks on the email’s content.
- NCSC issues cyber fraud warning to Christmas shoppers
- Cybersecurity specialist FireEye targeted by sophisticated threat actors
- Children’s Commissioner warns of risks of end-to-end encryption
Cybercriminals have been quick to exploit the coronavirus and the vaccine to target people. Uncertainties caused by the disease and subsequent social upheaval have led to a rise in cyberattacks this year.
These included attacks against groups involved in its creation to steal data, and attacks targeting the vaccine’s supply chain.
“The Covid-19 pandemic has been a true ‘black swan’ – an ultra-rare yet high impact event that has derailed business as usual. Hackers have also sought to take advantage of the pandemic’s disruption: 58% of security professionals have reported an increase in cyber threats since lockdowns started,” a Check Point statement read.