Security researchers at cybersecurity firm Check Point Software said they discovered lists for Covid-19 vaccines from different brands, such as AstraZeneca and Johnson & Johnson, for up to $ 1,000 per dose, as well as at least 20 vaccine certificates for $ 200 each.
The dark web is part of the internet undetected by search engines where cybercriminals often sell and buy illicit material, from credit card numbers and drugs to cyber guns and now, apparently, coronavirus-related products.
A spokesperson for Check Point told CNN Business it was uncertain whether the vaccines were real, but said “they appear to be legitimate” based on photos of the packaging and medical certificates. Ads for vaccines on the dark web have increased 300% in the past three months, according to the report.
Meanwhile, vaccination certificates – or proof of vaccination cards – are created and printed to order; the buyer provides the desired name and dates on the certificate and the seller responds with what Check Point says looks like an authentic card.
The Centers for Disease Control and Prevention (CDC) logo, including an image of an eagle, is featured in the upper right corner of fake vaccine cards, just like on real ones. A spokesperson for Check Point said the company estimates that “sellers are capable of producing fake vaccination cards in the thousands, or even in the tens of thousands, depending on demand.”
Also on sale: negative Covid-19 test results for $ 25 (or ‘buy 2, get third free’).
Some experts say illegal markets around vaccine cards and digital passports are inevitable. “Not everyone has access to the vaccine; deployments are slow in many countries and people are tired of lockdowns and curfews, ”said Michela Menting, who covers cybersecurity for ABI Research. “If people can easily get hold of a fake passport to avoid the restrictions, then they will, and an illicit market will develop around it. ”
The news comes as government agencies are warning people to stop posting photos of their vaccine cards on social media to avoid potential identity theft or be the target of phishing schemes.