Thriving black market for vaccines, fake test results and vaccination certificates as cyber criminals cash in on pandemic
Johannesburg - As South Africa prepares to roll out its mass Covid-19 vaccination programme, security experts have warned that there is a thriving black market for vaccine certificates, fake negative Covid test results and even vaccines themselves on the Dark Web.
Cyber threat analysis firm Check Point Research (CPR) told The Saturday Star this week that forged Covid-19 test results and fake “vaccine passport” certificates were being offered across chat rooms on the Dark Web from between R350 to R3 500 to people seeking to leave the country by air or land.
Advertisements for Covid-19 vaccines ‒ AstraZeneca, Sputnik, Sinopharm and Johnson and Johnson ‒ have spiked by more than 300% in the past three months, with prices ranging between R7 000 and R14 500 per dose, according to CPR.
Pankaj Bhula, Check Point’s EMEA Regional Director in Africa, said the global demand for fake Covid-19 test results and vaccine passports, as well as vaccines, had sky-rocketed. The sellers are mostly based in the US as well as Spain, Germany, France and Russia, but their wares, including some untested and still unapproved items, are freely available to South Africans who can pay for them.
“We have seen claims from sellers to have stock from a leading pharmaceutical company, of a newly approved vaccine available for sale and delivery to the UK, US and Spain that is just one WhatsApp or Telegram chat away.
“As our societies struggle to return to pre-Covid norms, a negative Covid-19 test result or a vaccination certificate is the golden key that will unlock restrictions and enable people to move and mingle with greater freedom,” Bhula told the Saturday Star. “And of course, this creates an opportunity for criminals and scammers to exploit those people who are willing to risk using fake documents to achieve that freedom.
“Using fake test results and counterfeit certificates can potentially increase the risk of infection, as others have a false sense of security when in contact with people who have used these goods,” said Bhula.
The surge in counterfeit documents has prompted several official warnings, with Europol issuing one in February about them being sold at airports and the World Health Organisation (WHO) advising on the pandemic being used to spawn a new phishing epidemic by criminals purporting to represent it. Bhula said CPR had also found scamsters and fraudsters using vaccine-related news as bait for their phishing campaigns.
“Many Dark Web vendors also use fake news and conspiracies to punt their products, which leads to mistrust in actual scientific evidence, and can also be damaging to the fight against the disease.
“The range of medicines advertised by these vendors is extensive, from Covid-19 vaccines to 'treatments’,” said Bhula.
While the items are easily available, Bhula said it was incredibly risky to buy anything from the Dark Web.
“The risks are high; because there is no accountability or traceability, there is no way of knowing whether what you bought is genuine. Users can also be exposed to malware on the Dark Web, which can give hackers opportunities for a cyberattack. Some users on the Dark Web may also attempt phishing scams to steal identities or extort money.”
Danny Myburgh, managing director of Cyanre, a South African digital forensics laboratory, said he was also aware of the trade in fake Covid-19 documents.
“I don’t think the demand is as big in South Africa currently, but it might increase with potential future bans,” said Myburgh, who previously commanded the SAPS’s national computer crime investigation unit.
“Currently a person could want to buy a positive or negative test to be booked off sick or to show that they are healthy and can travel. I think specifically the false vaccination certificates will become popular if one needs it before being allowed to travel.”
Myburgh warned against buying items on the Dark Web.
“Trading in illicit items/material is very dangerous. You must know that you are dealing with a criminal from the start if you are buying illegal stuff. They would not hesitate to steal your money since they know that you would be hesitant going to the authorities and admit that you were attempting to buy contraband.
“Secondly, the Dark Web is mostly anonymous, so you won't be able to trace them. They can also ship you something poisonous instead of a vaccine. They can extort you by threatening to report you to the authorities if you admit you want to buy contraband or they can send you a file containing malicious software instead of a certificate,” said Myburgh.
“Lastly, you can also be caught by the authorities who are monitoring these sites or it could be a honey-pot setup by law enforcement who want to catch people who buy contraband.”
Cape Town-based cyber security expert Anna Collard said she wasn’t surprised by fast-growing black market for Covid-19 related items.
“As soon as there is an event of public interest, organised crime and cyber criminals prey on people’s fears and emotions to make a quick buck,” said Collard. “Vaccination themed scams are just the latest trends”.
She said it was easy for individuals to buy items on the Dark Web, “but ‘purchase’ doesn’t necessarily mean receiving anything in return”. Instead, she said, unwitting buyers were more likely to have their personal information and identity exploited.
Diana Selck-Paulsson, a threat analyst at Orange Cyberdefense (corr), said accessing the Dark Web was simple, and there were even instructions on the normal internet.
“Besides the criminal marketplaces that we hear so much about in the media, the Dark Web is a place for anonymity that does not necessarily serve the evil, but also provides a platform for political refugees, avoidance of censorship by authoritarian regimes, whistle blowing and activism to mention a few.”
Selck-Paulsson said while she was aware of the sale of Covid-related items on the Dark Web, she said it was difficult to estimate the demand in South Africa.
“The Dark Web cannot be indexed, so it is also hard to know the full extent of Covid-related listings and offerings.”