Scammers Selling Fake #COVID19 Vaccination Cards for Just $20

Fraudsters are setting up Shopify-backed online stores to sell fake COVID-19 vaccination cards to anti-vaxxers, according to DomainTools.

Due to the decentralized nature of the US healthcare system, the cards, which carry the logo of the US Centers for Disease Control and Prevention (CDC), were judged to be the simplest way the authorities can keep track of who has had the jab.

Yet with 13% of Americans stating they will refuse the vaccine, there has now emerged a black market for those who still want to enjoy the benefits immunisation will bring as towns and cities start to relax lockdowns.

The security firm claimed to have seen authentic-looking cards selling for as little as $20 each on domains like covid-19vaccinationcards[.]com, which features a Let’s Encrypt TLS certificate.

“Though selling a printed card is not necessarily illegal, the pricing, logo and cardstock of these ‘vaccination records’ demonstrate a level of intent to pass as legitimate cards from the CDC,” explained DomainTools senior security researcher, Chad Anderson.

“The DomainTools research team has reached out to Shopify regarding this site and is monitoring for similar instances of COVID-19 vaccine cards.”

Those already in receipt of legitimate cards have been posting photos on social media, leading to warnings from fraud experts that scammers may be able to copy batch numbers and other details to help craft counterfeits.

Anderson claimed DomainTools has observed over 18,500 Shopify stores selling COVID-themed products, including fraudulent home tests and non-medical grade PPE, although not all of these are illegal/counterfeit.

“As scams continue to shift with these new themes, we urge users to be extra vigilant when signing up for medical services online as many phishing scams, both over text message and email, are already appearing leveraging COVID-19 vaccinations as a lure,” concluded Anderson.

“Furthermore, we’d encourage you to not pay for anything through a web portal if it isn’t through your official healthcare provider.”

What’s Hot on Infosecurity Magazine?