As the world braces for a dark winter under the shadow of the COVID-19 pandemic, there is light at the end of the tunnel with the recent approval of two vaccines by health authorities in two western nations.  The toll of the current pandemic has been devastating, and it has inflicted humans and caused tremendous economic damage.  Globally, 75.2 million cases have been reported with 1.67 million deaths.  The US, though not the most populous nation, tops the list with over 17.4 million reported cases and more than 313,000 reported deaths.  As with any tragedy, scammers are readying themselves to profit from fear, uncertainty and the misfortune of others.

Scammers Preparing Fake Sites

Scams can take many forms, but in the online world, it usually starts with a domain registration.  This is an act of reserving a name, also known as a web address, with an accredited registrar.  Registering a domain provides you the right to set up a website and establish an Internet presence.  The registration of domains is usually a leading indicator that scammers are preparing digital assets to profit from illicit campaigns.

The chart below shows the number of domain registrations containing the words “vaccine” and a combination of the words “COVID” and “vaccine.”  There was a sharp uptick in the first quarter of 2020, with a huge spike in March, when the World Health Organization declared a global pandemic.  In total there are 12,490 new domains containing either the word “vaccine” or both of the words “vaccine” and “COVID”  registered in 2020, more than 1,000 every month on average.  Our analysis shows that 6,104 sites are already weaponized or suspicious, meaning that we see clear signs of these sites being prepared to be used for criminal campaigns. All of them have been activated and could be used by criminals at any point.  In some cases, the website content has not been activated, but that is as simple as flipping a switch.  In other cases, they have added email capability to send emails from these domains for phishing campaigns.

COVID-19 Vaccine with Free Shipping

Vaccine scams are already appearing online.  The site below promotes the “World’s First Consumer COID-19 Vaccine,” with free shipping!  Sinovac is a Chinese life sciences company offering a vaccine called CoronaVac, approved by China for use with high-risk groups.  The company has also secured deals with Brazil, Turkey, Singapore, and Indonesia.  The vaccine is still in phase 3 trials, so any rollout of this vaccine to large populations should be viewed as an unofficial extension of a clinical trials.

Though the vaccine is real, the site is clearly fake.  A detailed analysis by Bolster Research uncovers several data points that clearly indicate this is not a real vaccine site.
• The domain is registered in Panama and uses a service that conceals the identity of the domain owner
• The address and phone number of the company are shared by other businesses including a waterless car wash service and a talent management agency
• The site sells the vaccine with free shipping.  However, the Sinovac vaccine must be refrigerated at a temperature of 35.6 to 46.4 degrees Fahrenheit to maintain its efficacy.  There is no way to ensure this without costly specialized shipping containers.

Scammers Targeting Vaccine Companies

In the US, two companies are currently distributing their COVID-19 vaccines after receiving official FDA approval.  Pfizer partnered with the company BioNTech and was the first to receive FDA approval.  Moderna’s vaccine also received approval, and they are working with healthcare organizations on distribution.  Reviewing domain registration data confirms that both companies experienced tremendous spikes, and this indicates that there are likely to be vaccine scam campaigns using these typosquat sites.

Bolster research discovered 3,596 new domain registrations containing “Moderna” in 2020.  The volume of domain registrations spiked in March, and then dramatically increased in September as the company made significant progress on the vaccine.  The chart below illustrates a noticeable increase with only 114 new domain registrations in January and 500-600 expected in December.

Domain registrations containing the words “Pfizer” and “BioNTech” experienced a smaller spike than Pfizer in March, but then saw an exponential spike in the fourth quarter of this year.  Pfizer is more well known, so it is not surprising that most of the typosquat domain registrations are for Pfizer.  Combined, the total number of domain registrations containing the names of the two companies went from 13 in January to 343 in December.  The total number of new domains registered using the names of these two companies was 973 in 2020.

Patients Beware!

Health systems across the US are preparing for the logistical challenges of mass inoculations to pull the nation out of this horrible pandemic.  Vaccine companies are gearing up manufacturing and working out the operational details to ensure supply chain integrity.  Throughout this process, there is expected to be chaos and confusion as people seek vaccinations to return to normalcy as soon as possible.

Scammers are also preparing to profit from this chaos, taking advantage of people who are desperate.  Selling fake vaccines is one scam, as highlighted earlier in the blog.  Other types of possible scams include:
• Home kits to produce your own vaccine using raw ingredients
• Priority lists that allow you to jump to the head of the line
• Reselling “excess” vaccine inventory from an exclusive source
• Paid for waitlists that allow you to bypass other people
• Alternative vaccines that work as well as the real vaccines
• Purchasing a spot from somebody who already has an appointment
• Spreading of false data or news to scare people from getting vaccinated

People need to be wary and only seek inoculations from their primary care providers.  Although unlikely, the pharmaceutical companies should take steps to minimize damage from scammers preparing to launch fraud campaigns.  This also creates an environment of trust and safety on the Internet and protects brand integrity, ensuring patient trust in products and services.

*** This is a Security Bloggers Network syndicated blog from Bolster Blog authored by Young-Sae Song. Read the original post at: https://bolster.ai/blog/leading-indicators-foreshadow-covid-19-vaccine-scams/