Search This Blog

Showing posts with label Covid-19 Vaccinations. Show all posts

Hacker Hacks Underground Covid Vaccine Market On Dark Web

 

In a recent cybersecurity incident, an attacker hacked down a vaccine marketplace that was running on the dark web. The attacker then placed fake orders, cancelled them after making a refund in Bitcoins worth $752,000, a report released on Thursday says.  As per a blog on the market's forum, the attacker managed to find a way to make fake orders, which he cancelled immediately using the seller account of the trader, and immediately made the refunds in the wild, which was withdrawn in an instant. 

Checkpoint research says the method allowed a hacker to make 13 Bitcoins (BTC), an amount equal to $752,000. Currently, the vaccine marketplace on the dark web which was selling these products is down because of the hack.  But, the attack hasn't put a stop to the sale of Covid-19 relief products on the dark internet. Following the marketplace shutdown, another hacking forum was framed using the same address, offering various ads along with Covid-19 vaccines (documents included) and that too on heavy discounts for promotional purposes.  

Cybersecurity experts recently found out that fake Covid-19 vaccine certificates and duplicate Covid-19 test results were being sold on dark internet and hacking platforms for amount as low as Rs 1800 ($25) and up to Rs 18,000 ($250) for people that are looking to book flights, travel across borders, finding a new job or attending a function.  If an interested user wants to get these 'fake certificates,' he can simply obtain them by sending their details and money to the seller on the dark web, the seller will then e-mails back the forged documents for $250. 

Research from Checkpoint revealed that fake negative Covid-19 test results are available on the dark web for a mere amount of $25.  Covid-19 vaccine ads on the darknet have had a 3 fold increase since the last three months. The selling forums on the dark internet are based from European countries like Spain, Russia, France, and Germany. According to experts, "The vaccines advertised include Oxford-AstraZeneca (at $500), Johnson & Johnson ($600), the Russian Sputnik vaccine ($600) and the Chinese SINOPHARM vaccine." Checkpoint research says, "as a result, the marketplace is down completely since, and at this point of time is yet to be restored online."

NHS Urged Public to Remain Vigilant Regarding Fake Covid-19 Vaccinations

 

Fraudsters are tricking people in the UK via fake Covid-19 vaccination invites, scammers are posing to be from the UK’s National Health Service (NHS), and are sending fake emails including a link to enroll for the vaccine.

NHS has alerted the public by tweeting on their official account that no registration is required for the real vaccination. We would never ask for bank details, verification of documents such as your passport, driving license, bills, or payslips, and no payment is required for the vaccination.

The multiple variants of phishing emails are floating around the internet but they all point towards the NHS, claiming a message from the NHS website ‘noreply@nhs.gov.uk’ (the original NHS website is NHS.uk). Scammers are using mail subject identical to “IMPORTANT – Public Health Message. Decide whether if you want to be vaccinated”.
 
Cybersecurity consultant Daniel Card explained that traffic data is suggesting fraudsters have tricked thousands of recipients to click on the fake website but it remains unclear how many recipients have filled in the form. National Cyber Security Centre and Action Fraud have urged people to report scam emails or texts.

Health secretary Matt Hancock stated that “vaccines are our way out of this pandemic, it is vital that we do not let a small number of unscrupulous fraudsters undermine the huge team effort underway across the country to protect millions of people from this terrible disease”.

This was not the first phishing campaign related to the covid-19 vaccination, at the start of this month fraudsters sent bogus text messages to the recipients posing to be from the NHS and asking recipients to register for a vaccine and provide bank details for verification.