Beware of vaccination card scams in SA, says Fortinet

The demand for fake vaccination cards appears to be on the rise in South Africa, with several reports noting incidents in which people request fake vaccination cards in order to be able to travel, and even cases in which pharmacy staff have been caught issuing fake vaccine cards, reports Fortinet. Photo: Geralt/Pixabay

The demand for fake vaccination cards appears to be on the rise in South Africa, with several reports noting incidents in which people request fake vaccination cards in order to be able to travel, and even cases in which pharmacy staff have been caught issuing fake vaccine cards, reports Fortinet. Photo: Geralt/Pixabay

Published Nov 18, 2021

Share

THE DEMAND for fake vaccination cards appears to be on the rise in South Africa, with several reports noting incidents in which people request fake vaccination cards in order to be able to travel, and even cases in which pharmacy staff have been caught issuing fake vaccine cards, reports Fortinet.

The firm’s regional sales manager, Doros Hadjizenonos, said with growing demand and an emerging black market, FortiGuard Labs had now begun to encounter offers of fake vaccine passports as lures in email scams.

“Successfully enticing the general population to open a malicious email attachment with the promise of receiving an illegal product may be a first, and reflects how polarising this issue is and why cybercriminals think that they can successfully exploit it,” Hadjizenonos said.

According to the company, nearly two years into the battle against Covid-19, more than 3 billion people around the globe and more than 15 million in South Africa were now fully vaccinated.

Hadjizenonos said as governments continued their efforts to stop the spread of Covid-19 and encourage vaccination, the scene had been set for phishing scams targeting those who were unwilling to get vaccinated, but who still wanted the benefits available to those who have been vaccinated.

Vaccination cards and passes were increasingly being required to give people access to travel, events and even to their workplaces globally.

South Africa, in the early stages of rolling out a vaccine passport, was said to be considering making the digital certificate mandatory for access to venues and events.

Local businesses and banks were also offering incentives and prizes to people who held these certificates.

“Because of this trend, opportunistic cybercriminals have begun selling counterfeit vaccine passports on the black market. While this is not necessarily new, unlike other criminal activities this strategy is going mainstream around the world,” Hadjizenonos said.

FortiGuard Labs recently observed one email spam that advertises a fake Covid vaccine passport and asked the target for personally identifiable information along with $149.95 (about R2 290) worth of Bitcoin for a potentially double windfall.

FortiGuard Labs said it had also found various markets on the dark web offering fake vaccine passports.

As expected, a wide range of products and services are available, from blank vaccine cards to verifiable passports that could be checked against legitimate vaccine databases worldwide.

A single blank vaccination card could be found for as little as $5, while buying in bulk may increase a buyer’s savings. There was no guarantee that a purchaser would ever actually receive these documents.

The company said that with the market being littered with opportunistic counterfeiters, some sellers had begun offering sales and discounts. Others provided an escrow service in an attempt to protect the buyer and the seller.

FortiGuard Labs recommended practising due diligence when receiving emails and keeping an eye out for these types of scams.

It said organisations were also strongly encouraged to conduct ongoing training designed to educate and inform personnel about the latest phishing and spearphishing techniques and how to spot and respond to them.

The firm said this should include encouraging employees to never open attachments from someone they did not know and to always treat emails from unrecognised/untrusted senders with caution.

[email protected]

BUSINESS REPORT ONLINE