How one phony vaccine website tried to capture your personal information
Recently seized by the government, the site spoofed an actual company developing a coronavirus vaccine in an effort to steal personal data for malicious purposes.
Image: U.S. Attorney’s Office for the District of Maryland
With the rollout of the COVID-19 vaccines, cybercriminals have been devising phishing campaigns and phony websites designed to entrap people interested in the latest developments. One site, since taken down by the state of Maryland, was impersonating a vaccine maker with the intent of collecting personal information from unsuspecting users.
SEE: Coronavirus and its impact on the enterprise (TechRepublic Premium)
In a news release published Monday, the U.S. Attorney’s Office for the District of Maryland revealed that it had seized a website called freevaccinecovax.org. Allegedly the site of a real biotechnology firm developing a COVID-19 vaccine, it was actually set up to collect personal data from visitors and use that information for fraud, phishing attacks and malware. Anyone who now browses to the site will see a message that the domain name has been seized in accordance with a warrant.
When the site was up and running, its homepage displayed logos for Pfizer, the World Health Organization and the United Nations High Commissioner for Refugees, all in an attempt to appear legitimate. To reel in users, the site included a menu to select your city and an Apply button that would download a PDF to your computer. You’d be encouraged to fill out the PDF and then upload it back to the site, allowing the criminals behind this attack to capture your personal data.
Based on analysis by Homeland Security Investigations, the domain name was registered on April 27, 2021, using an IP address in Strasbourg, France, though the listed registrant country was Russia. By seizing the site, the state of Maryland not only prevents people from accessing it but stops third parties from taking over the domain name and using it to commit other crimes.
“It’s a scary thought, but what HSI wants the public to understand is all a bad guy needs to defraud thousands of Americans in search of COVID-19 information is the ability to create a website combined with malicious intent,” James Mancuso, special agent in charge for the HSI Baltimore Field Office, said in the news release. “We must make an example of these perpetrators in order to deter others from committing these crimes against an unsuspecting and vulnerable internet user.”
EE: Research: Video conferencing tools and cloud-based solutions dominate digital workspaces; VPN and VDI less popular with SMBs (TechRepublic Premium)
Acting U.S. Attorney for the District of Maryland Jonathan Lenzner said this was the ninth phony website aimed at profiting from the COVID-19 pandemic that the state has seized. Lenzner warned people to avoid providing personal information or clicking on links in emails and remember that the COVID-19 vaccine is not for sale and is being offered to U.S. citizens free of charge.
Though taking down even one fraudulent website is worthwhile, others will certainly pick up the slack.
“A bogus vaccine website offers bad actors a wide range of potential social engineering schemes, from offers for free access to vaccine supplies to bogus investment schemes,” KnowBe4 Principal Lab Researcher Eric Howes said. “While authorities are to be lauded for shutting down this domain, one wonders how many more of them pushing similar fraudulent schemes are out there on the internet. Moreover, how long will it be before the parties behind this operation simply set up another domain and continue their operations?”
Howes called personal information the lifeblood of many operations on the web, ranging from legitimate social media platforms to online advertising networks to outright criminal schemes.
“And users have historically proven all too willing to provide their private information in exchange for something of dubious value or benefit, despite those users claiming in poll after poll to be very concerned about their own personal privacy online,” Howes added.
Cybersecurity Insider Newsletter
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays
