Andrea (not her real name) got a job as a dancer abroad last October. She did not have the complete vaccination schedule because, she says, she had recently had the virus. That information was enough to board the plane at El Prat Airport, in Barcelona, but not to enter the destination country, where a Covid passport was required. She decided to acquire one on the black market. She contacted some alleged hackers who advertised their services on Instagram. After paying them 800 euros through Bizum and giving them her personal data, she never heard from them again. “They sent me a document touched up with Photoshop, with a QR code that, when a reader was passed over it, showed a person named Gabriel,” she tells EL PAÍS through a social network. Embarrassed by her naivety, she did not report the scam to the police. How was she going to do it if what she wanted to buy was illegal?
Cybercriminals have seen a gold mine in the pandemic. Andrea’s case illustrates how some of those who seek false vaccination certificates are taken advantage of. But the fact is that this black market exists (for those who manage to get around the scammers), and the prices being charged are not low. A recent study by Check Point Research, the research arm of the Israeli cybersecurity multinational, has detected a large increase in prices. Whereas in October buyers paid an average of about 250 dollars for a false passport and 25 for a negative PCR test, in January the figures were around 600 and 100, respectively.
The sale of false vaccination certificates began to attract the attention of the authorities before last summer, when the EU agreed, with a view to the summer campaign, to launch the so-called Covid passports. These are documents that can be carried on a mobile phone in the form of a QR code, with which citizens can prove that they have the complete vaccination schedule, that they have recently had the virus and therefore have some immunity, or that they have tested negative in a PCR or antigen test.
Fakes are mainly distributed through Telegram or the dark web (dark net), and the preferred payment method is cryptocurrency, especially bitcoin. “Digital currencies have a very desirable property for these types of criminals: you can’t go back. Once the transaction has been made, it is recorded forever in the blockchain ledger; you cannot go to the bank and ask them to withdraw the payment,” says Eusebio Nieva, technical director of Check Point Software for Spain and Portugal. “They also make tracing difficult, but they don’t make it impossible: you always know which card or virtual wallet the bitcoin came from and where it went.”
You don’t have to be a computer wizard to purchase one of these counterfeit products. The advertisements on the Telegram channels themselves, at least on those whose business is not to swindle the interested party but to actually sell them a false document, provide detailed instructions on how to buy the bitcoins (or whichever cryptocurrency is requested) and make the transaction, along with links for obtaining the cryptocurrency and the account to which the transfer should be made.
Of course, there is no guarantee that the seller will actually do the job rather than simply take some easy money and offer nothing in return. “On the dark net you can get drugs, weapons, organs, and also forged certificates and official documents of very good quality,” explains Deepak Daswani, hacker and cybersecurity consultant. “But this is like everything: the first ads you find on the dark web, the easiest to see, will be scams. Getting to this type of service is not that easy; many times an invitation is needed, someone you trust has to give you the necessary links.” If criminal activities were available to everyone, it would be very easy to intervene in them.
A scam on the rise
The other side of the coin is represented by the unwary, like Andrea. There are many of them, which is why advertisements for alleged counterfeits keep proliferating. At the close of this edition there was at least one group on Telegram in Spain, active since November, with more than 33,000 subscribers and the look of a scam. The ad promises a Covid passport in one day in exchange for 300 euros and passport information.
The National Institute of Cybersecurity (Incibe) warned as early as September of last year that it was detecting scams related to the sale of false documents. “We want to highlight that trying to buy a covid certificate is illegal. But also that, in committing this illegal act, buyers may themselves be the victims of fraud, because the certificates are never sent to them and they lose the money, or, if they pay by credit card, their data is stolen and fraudulent payments continue to be made afterwards,” points out Ángela García Valdés, cybersecurity technician for citizens at Incibe.
“Sellers are choosing to advertise and do business on Telegram because it scales their distribution. The use of this social network is less technical compared to the dark web and can reach an inordinate amount of people very quickly,” warns Oded Vanunu, head of product vulnerability research at Check Point Software. Some ads analyzed by the company are aimed at people “who do not want to receive the vaccine.” One of the advertisements found by analysts explicitly stated: “We are here to save the world from this poisonous vaccine.”
Vaccination certificates, also known as Covid passports, were launched in July. A few months earlier, between March and May, some analysts, such as those at Check Point Research, detected a 500% rise in the number of fake certificate sellers. In August, in the middle of the holiday campaign, the Israeli company’s observatory estimated that there were some 2,500 active Telegram groups throughout Europe in which false certificates were offered, with an average of some 100,000 followers per group and some exceeding 450,000. The Delta variant was spreading rapidly. Anyone who wanted an apparently valid certificate without getting vaccinated had to pay an average of 100 dollars.
By September, the company had more than 10,000 suspected sellers of fake Covid passports on its radar. Demand was such that a Telegram bot that produced false certificates was even detected in Austria: after entering their personal data, the interested party received a PDF with the QR code ready.
Another method of deception used by cybercriminals, discovered in September, consists of claiming to have access to a supposed European database of vaccinated people. They offer to register interested parties there in exchange for money. But no such database exists.