As the Coronavirus Disease 2019 (COVID-19) pandemic drags on, the governments of the United States and Europe have increasingly forced citizens to provide proof of vaccination or follow standard operating procedures in an attempt to curb the spread of the SARS-CoV-2 virus amongst the working community.
The topic remains highly controversial and is criticized by many as a violation of human rights. Moreover, a recent preprint study of patients in the Mayo Clinic Health System found that the Pfizer-BioNTech vaccine was only 42% effective at preventing COVID-19 cases in July 2021. The Moderna vaccine was only 76% effective.
Nevertheless, citing the spreading of the Delta variant, the U.S. government announced that federal workers are required to either get inoculated or undergo regular testing, wear masks in virtually all settings, and adhere to social distancing guidelines. State employees in California are required to be vaccinated or undergo weekly testing, while New York City requires proof of vaccination for customers and staff at restaurants and gyms. In recent weeks, a surge in fake vaccination certificate sales has been observed.
Fake certificates in the U.S.
Government investigators and cybersecurity experts reported that several schemers have been offering fake certificates on social media sites, messaging apps like Telegram, and on the dark web. Fake vaccination cards supposedly presented by the Centers for Disease Control and Prevention (CDC) have emerged on marketing sites.
A bar owner in California was arrested on charges of identity theft, forgery of government documents, and medical record falsification, after being implicated in the sale of fake cards for twenty dollars each.
A licensed homeopathic doctor in the same state was arrested for selling “Covid immunization pellets,” providing fake CDC cards stating that patients had received the Moderna vaccine and giving blank cards with instructions on how to fraudulently fill them out.
According to security experts, the white CDC-issued cards are easy targets for forgery, while a single federal digital card would be easier to verify.
Situation in Europe
The European Union’s digital certificate is more secure, with a dedicated QR code for each person. However, fake versions of the certificate are still being distributed. Italian police commander Ivano Gabrielli said that about five hundred copies have been sold in the past few months, mainly through Telegram.
“The sellers try to get the word out by posting vague information on well-known social-media platforms, but their goal is to get you to migrate over to an encrypted messaging app,” said Mr. Gabrielli. Despite efforts by Telegram to shut down channels selling fake certificates, new channels continue to crop up.
Mr. Gabrielli stated that sales intensified when Italy introduced a new digital certificate required for some events and travel. Hackers were potentially able to gain access to the national vaccination database and alter data, posing a serious cybersecurity threat.
In France, prosecutors confirmed that six suspects were charged for fraud, as they were implicated in making and selling fake vaccination cards, a crime punishable with a fine of up to 45,000 euros and three years in prison. Four hundred buyers were identified, but the French police believe that the actual number could be three times as high.
Miro Dittrich, a researcher at the Center for Monitoring, Analysis and Strategy in Germany, stated that fake certificates are also being offered on the dark web, but buyers have not fallen for the trap so far. Due to the restrictions imposed by the government, sellers have moved to Telegram, and the demand for certificates has skyrocketed.
Dmitry Galov, a researcher of cybersecurity firm Kapersky, said, “For years, people have sold counterfeit documents of all types – things like diplomas or medical certificates… Some of the scams we’re seeing offering codes or certificates are similar to old ones, in that they often don’t deliver anything – they just leave users without money or documents.”