Feds Shut Down Fake COVID-19 Vaccine Phishing Website
‘Freevaccinecovax.org’ claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes.
Federal law enforcement in Maryland has shut down a fraudulent website targeting immigrant communities that claimed to be for a company developing a COVID-19 vaccine. Instead, the site was stealing information from people with the purpose of using it for future cybercriminal activity.
The U.S. Attorney’s Office for the District of Maryland, working with Homeland Security Investigations (HSI) in Baltimore, seized “Freevaccinecovax.org,” “which purported to be the website of an actual biotechnology company developing a vaccine for the COVID-19 virus,” according to a release on the office’s website posted earlier this week.
Instead, the site was collecting personal information from people who visited it “in order to use the information for nefarious purposes, including fraud, phishing attacks, and/or deployment of malware.”
The site used trademarked logos for Pfizer, the World Health Organization (WHO) and the United Nations High Commissioner for Refugees (UNHCR) on its home page to dupe visitors into thinking it was a legitimate site, according to the release. It collected visitor information by using a drop-down menu asking people to select their city and then apply for information by downloading a PDF file to their computers.
The PDF that the site offered to users was written in Cyrillic, suggesting that fraudsters were targeting immigrant communities of people from the former Soviet countries of Belarus, Kazakhstan, Russia, Turkmenistan and Ukraine, who use Cyrillic script in their native languages. A domain analysis conducted by HSI indicated the domain name was created on April 27, using an IP address located in Strasbourg, France and a registrant country listed as Russia.
“It’s a scary thought but what HSI wants the public to understand is, all a bad guy needs to defraud thousands of Americans in search of COVID-19 information is the ability to create a website combined with malicious intent,” said James Mancuso, special agent in charge for the HSI Baltimore Field Office. “We must make an example of these perpetrators in order to deter others from committing these crimes against an unsuspecting and vulnerable internet user.”
Visiting the site now greets users with a message that the site has been seized by the federal government and redirects them to another site for additional information. Seizing the site also means that third parties can’t acquire the name and use it to commit additional crimes, according to the feds.
COVID-19 Vax Attracts Crooks
Indeed, since news of their development, the various vaccines for COVID-19 have been of great interest to cybercriminals. Before they were available extensively, threat actors focused on stealing research and development (R&D) plans for the vaccines in cyber-espionage campaigns.
More recently, attacks have been aiming to benefit financially from people’s interest in getting the vaccine, something acknowledged by Acting U.S. Attorney Jonathan F. Lenzner, who said the latest domain seizure was the ninth fraudulent website shut down for “seeking to illegally profit from the COVID-19 pandemic.”
Indeed, upon vaccine rollout last December, cybercriminals leveraged various tactics, from simple phishing scams all the way up to sophisticated Zebrocy malware campaigns, to take advantage of the widespread media attention around the distribution of the vaccines.
Lenzner said the federal government will continue to “aggressively prosecute fraudsters” who aim to prey on people’s misunderstanding of how the vaccine is distributed. These misconceptions may especially be present in immigrant communities who don’t have the inherent understanding of the U.S. medical system’s rollout of the vaccine.
“Members of the public should not provide personal information or click on links in unsolicited emails and should remember that the COVID-19 vaccine is not for sale,” he warned in a press statement.
via Threatpost https://threatpost.com
May 5, 2021 at 06:25AM