Is it a case of making strides—or one-step-forward, two-steps-back?

After long and difficult distancing and lockdown mandates, nations around the world are gradually returning to something approaching normalcy. With each new day, businesses are slowly reopening and economies are getting back on track. With acknowledgement that the pandemic is here to stay, many countries have begun implementing measures to protect the progress made so far, while mitigating the threat posed by each new COVID variant that emerges.

On that score, some have begun issuing “Green Passes” to quickly differentiate between people who have been vaccinated or have recovered from COVID, and those who have not. An array of official and informal sanctions are also being imposed across public and private sectors. That includes everything from compulsory vaccinations with fines of thousands of dollars for non-compliance, to workplaces that require employees to provide proof of vaccination or face suspension, to pubs and nightclubs that ban the un-vaxxed from vibing and imbibing with their crew.

Progress, to be sure. But a new study from our FraudAction team finds fraud groups are actively seeking to capitalize on this tentative new phase of life under COVID—and what you don’t know can cost you plenty.

Green Passes: A Greenlight for Fraud?

As hard as it is to believe, misinformation surrounding vaccine safety still flows freely thanks to social media, disreputable news outlets, and divisive public figures. Even the most outlandish conspiracy theories continue to circulate, including those claiming governments use the vaccine to implant tracking chips, or that vaccines cause everything from infertility to autism to unintended magnetism. Is it any wonder a sizable minority of the population refuses to get vaccinated?

As with each new juncture in the COVID timeline, fraudsters are keen to exploit new and existing uncertainties—and new Green Pass regimes offer a powerful new vein to mine. Ever the opportunists, fraudsters are seeking to exploit this new period of heightened anxiety and social polarization in order to offer what appear to be solutions.

Among the most egregious: fake green passes designed to grant the freedoms afforded by legitimate COVID passes without actually getting vaccinated.


Not Just Phishing for an Easy Way Out

The wary, gullible, and just plain obstinate aren’t the only discreet factions being targeted in these scams. Even those who are fully vaccinated and seeking legitimate COVID passes are falling prey.

In some ploys, fraudsters set up expertly-crafted phishing pages resembling official government agency websites in order to fool people into entering personal data as part of the Green Pass registration process. This includes full name, ID number, SSN, date of birth, financial payment information, and other sensitive details presented as required identity proof before COVID passes can be issued.

For those who fall victim, the results could prove devastating.

Figure 4: Fraudster offering to sell templates of COVID-19 phishing page

Deception’s Dangerous Side Effects

Thanks to these and other Green Pass schemes, people purchasing COVID passes legitimate or otherwise are at risk of having their personal data stolen and quickly monetized.

This data can be sold in darkweb marketplaces. In one of these venues, a fraudster is claiming to hold the personal data of 500,000 Russian citizens bamboozled into buying fake COVID certificates.

Figure 6: Hacker offers to sell the database of 500K Russians who bought fake COVID passes on Telegram

Pilfered personal data can also be used to drain victims’ bank accounts, apply for loans, file unemployment claims, and more.

In a case of adding insult to outrageous injury, some fraudsters use phishing attacks to harvest personal data, post it to darknet marketplaces, and then extort the victims through offers to have it removed for a fee before other criminals purchase it.

Honor Among Thieves? Or Just Self-Preservation?

Most cybercriminals show no compunction about capitalizing on people’s fear or anger over vaccinations. But this isn’t a universal point of view. Outseer’s FraudAction researchers have observed threads in venues used by cybercriminals in which fraudsters question whether selling COVID certificates should even be allowed. As one swindler’s view, such scams are “immoral and puts millions in danger.”

Figure 7: Fraudster shows concern regarding selling fake COVID passes

Then again, the sentiment doesn’t necessarily reflect a code of honor or some otherwise undetectable form of altruism. Given COVID’s transmissibility, the millions put in danger by these crimes could easily include themselves and their loved ones.

The Cure for Green Pass Fraud

Businesses, public sector agencies, and other organizations seeking protection against phishing attacks hawking fraudulent Green Passes or the ability to detect counterfeit passes, should source an all-inclusive cyber-intelligence provider.

Using our own offering as an example, Outseer FraudAction provides comprehensive, 24/7 cyber-intelligence and takedown services. The experts in our Anti-Fraud Command Center continuously monitor the threat landscape to detect and shut down phishing sites, phony mobile apps, and fraudulent social media pages used to impersonate your organization—before they do serious harm to your operations, employees, customers, or constituents.

This includes organizations that issue Green Passes at risk of impersonation, as well as businesses with processes for demonstrating compliance with Green Pass or COVID testing mandates. Our threat intelligence feeds alert you to new counterfeit passes and testing results—as well as any other cyber-threat to your organization.

We’ve all come a long way since those first chaotic days of the pandemic. While tentative, progress toward reopening the world is being made. It’s up to all of us to stop bad guys from derailing it.

To learn more about how Outseer FraudAction can help protect your organization from a growing number of cyber-threats, or to schedule a demo, click here.

Adi Goldshtein-Harel

Product Manager

Adi Goldshtein-Harel is Product Manager and Head of the Cyber-Intelligence team of FraudAction Services for Outseer, an RSA company. Adi is responsible for planning, executing, and leading the product roadmap. In addition, Adi leads the Cyber-Intelligence operation providing service to hundreds of customers. Adi’s work provides her with deep insight and expert knowledge of the cybercrime landscape, particularly in the field of online fraud prevention.