While the global roll-out of COVID-19 vaccinations continues to accelerate, it’s worth remembering that only around 1% of the world’s population have received their full course of injections. Billions are still waiting for their first dose, which inevitably leads those people to question exactly when they will get it. Especially as plans are being made internationally to allow those that have been vaccinated, or can prove they have had a recent negative test, the freedom to travel to other countries, attend large-scale events, take a new job, and more.
So there’s a strong and growing demand for vaccinations and test results because of the greater freedoms they will give to people. And of course, there will always be people who don’t want to wait for their official vaccination, or for an official negative test result – and shady people willing to service that demand. Back in January, we reported how there were hundreds of advertisements on the dark net were advertising COVID-19 vaccines for sale from $500 – and now the number of adverts has more than tripled to over 1,200. Further, vendors are also offering a range of fake vaccination certificates and negative test results to people who need proof of either.
In this report we show the latest updates on the sharp increase in adverts for COVID-19 vaccines from the Darknet. We also show several examples of how negative COVID-19 test results are being offered to buyers who are willing to pay for them, with examples of these custom-made documents that appear authentic and genuine.
In addition, we show examples of vaccination ‘certificates’, being manufactured, created and printed to order, ready to be used to enable people to board planes, cross borders or for any relevant activity that requires a person to give proof that they have been vaccinated.
As we previously reported, a range of counterfeit coronavirus vaccines are offered, often touted from just $500 per dose. In recent weeks our researchers have spotted an increasing amount of advertisements for vaccines within Darknet markets: currently numbering over 1,200, with sellers based in the U.S. and European countries including Spain, Germany, France and Russia. This represents over a 300% increase since January 2021. The vaccines advertised include Oxford – AstraZeneca (at $500), Johnson & Johnson ($600), the Russian Sputnik vaccine ($600) and the Chinese SINOPHARM vaccine
As a mean to prepare society for restarting tourism, flights routine and border crossing, the European commission, the EU’s executive arm, has proposed a vaccination certificate to be used as the ultimate ‘door opener’ across countries and societies. The commission suggested that EU citizens should be allowed to use a “digital green certificate” to prove that they have been vaccinated against the virus; that they have received a negative Covid-19 test; or they have recovered after contracting the coronavirus.
In other words, the vaccination certificate, for the foreseen future, will become the passport, bilaterally agreed between countries, which will give holders an entrance ticket to, and enable them to participate in many activities (e.g. live shows, cultural activities and entrance to public areas).
It seems that various threat actors and hackers have quickly realized the potential market for fake documents, and have been quick to grab the monetization opportunity.
In this ad, vaccination certificates are offered for the price of 10,000 RUB (approx. $135)
On a different ad on the Darknet marketplace, a seller, supposedly from the U.K., offers a vaccination card for $150, accepting crypto currencies as the payment method.
Our researchers reached out to one of these Darknet sellers to understand the process, and get as many details as possible regarding delivery, price and authenticity. To our question regarding a signature of a physician on the certificate and indicators of its authenticity, the seller reassured us they have done this many times previously, for many people and had no issues with it. All we needed to do was provide the exact names and dates we wanted on the certificate (of the vaccinations supposedly made), and pay $200. “You don’t have to worry…It’s our job….We have done this to many people and it’s all good,” the vendor told us.
In this example, the user offers an official certificate from a clinic in Moscow for citizens of the CIS, which makes crossing the borders of Russia possible. The lucrative offer goes out for a “Service pack” which costs 8000 Rub (approx. $110).
In reply, a prospective buyer queries whether this has already been used and were there any problems reported, to which the seller replies that “many people already passed (the borders) with it”.
A different hacking forum touted COVID-19 (negative) test results on sale with the following announcement: “We do negative covid tests, for travelers abroad, for getting a job etc. Everything is done within 24 hours, without big collaterals. The publishers promise “High quality” and the following sale opportunity: “Buy 2 negative tests and get the 3rd for free!”
In addition to the Darknet and hacking forums, we’ve also spotted different websites that offer the ability to quickly create of authentic-looking negative COVID test documents, created promptly according to data input by users, in a very friendly user interface, for just $25.
Results are produces within 30 minutes and are sent discreetly to users’ email inbox.
Though the website clearly states that the documents are not genuine test results, and goes on to highlight that the user must understand and agree that they will not use this website, any information contained within this website, or any fake negative COVID Test generated by this website to commit a crime, hurt, damage, injure, or otherwise maliciously mislead or deceive any other person or organization …. despite this, the results are very authentic and professionally made, and can potentially be used to fake negative test results.
As our societies struggle to return to pre-COVID norms, a negative COVID test result or a vaccination certificate is becoming the golden key that will unlock restrictions and enable people to move and mingle with greater freedom. And of course, this creates an opportunity for criminals and scammers to exploit those people who are willing to risk using fake documents to achieve that freedom.
As COVID-19 is likely to play a major role in dictating what we as individuals can and cannot do in our daily lives for the foreseeable future, countries’ Governments should be aware of this fast-growing illegal and dangerous trend for fake vaccination certificates and “official” medical records being sold and produced to whoever wishes to pay for them. Check Point Researchers will continue to closely monitor troubling trends on the darker sides of the Internet.
