Rise of Online Vaccination Scams- India

By Lucy Rana and Sanjana Kala

With the COVID-19 pandemic at its peak and subsequent waves still ravaging parts of the world, the need for vaccines, infrastructure and information to combat the virus has escalated manifold. Governments and pharmaceutical companies are now working hand-in-hand to ramp up production and distribution of vaccines to prevent further contagion amongst the population. However, it wasn’t long before health and state bodies had to face the plague of misinformation spread by nefarious elements. This accompanied with the immense amount of panic amongst people has now fuelled a trend of counterfeits and opportunistic fraud committed by people looking to take advantage of the gap in supply and demand. Interestingly, the pandemic has seen a rise in instances of fraud and counterfeiting perpetuated, in large part, by online channels such as:

Fraudulent domain name registrations or cybersquatting;
Hoax websites mirroring the look and feel of genuine companies engaged in healthcare;
Fake listings on the dark web;
Misleading messages on social messaging applications;
Search algorithms and paid advertisements on online search engines;
Fake listings on social media platforms;
Phishing emails impersonating government authorities;
Fake requests for charitable donations;

This article focuses on the rise of fraudulent domain name registrations and illegal websites that have cropped up specifically after the announcement of largescale vaccination drives all around the world.

FRAUDULENT DOMAIN NAME REGISTRATIONS

WIPO in a recent decision in Pfizer Inc. v. Registration Private, Domains By Proxy, LLC / Juan Beltran[1] dated March 18, 2021 relating to the domain <pfizermx.com> found opportunistic bad faith on part of the Respondent owing to the fact that the impugned website (linked to the aforesaid domain name) mirrors Pfizer’s website “www.pfizer.com” and falsely purports to offer Pfizer’s COVID-19 vaccine for sale. The domain <pfizermx.com> was thereafter transferred to the Complainant, Pfizer.

It is pertinent to mention that in 2020 WIPO handled 4,204 cybersquatting cases which was nearly a 14% increase over the year 2019.

Cyber squatters are now not only using similar/identical domain names but are also using another technique called ‘typosquatting’ wherein a very minute and purposeful change is made to the original domain name by changing the font and/ or spelling of a single letter in the domain so as to make the said change undetectable to an average consumer.

DomainTools reported that more than 150,000 new, high risk COVID-19-themed domains have been registered since December 2019. The report stated that since the most valuable space in the internet is .com, it is also the most valuable space to carry out typosquatting. Further, it was revealed that the industry’s most attractive domains for typosquatters to target are financial institutions or organizations that sell medicine.[2] As per Cybercrime Magazine’s data feed file for February 17, 2020, seven more newly registered domains with the keyword “coronavirus” were revealed as below:

coronavirus-insurance.com
com
world
earth
com
com
com

ILLEGAL WEBSITES

The National Intellectual Property Rights Coordination Center, (an investigative arm of the U.S. Department of Homeland Security) has removed 30 websites and seized 74 web domains in connection with fraud related to the Covid-19 pandemic.[3] As per an investigation by the U.S. Department of Homeland Security, a sham website was offering doses of Moderna’s Covid-19 vaccine for $30 each and claimed that consumers may be able to buy a Covid-19 vaccine ahead of time. Other fake websites posing as Pfizer Inc. and BioNTech SE have also popped up prompting U.S. Homeland Security to analyse almost 80,000 Covid-19 domain names as of February, 2021.[4]

The United States, Mexico and other countries have seized and taken down dozens of websites fraudulently claiming to sell shots or an affiliation with vaccine makers such as Moderna and Pfizer. The fake, company look-alike websites appeared to be seeking consumers’ personal information to be used in identity-fraud schemes.[5] These scam attempts also involved simple tools and everyday payment methods, often luring unsuspecting consumers through paid advertisements and search algorithms on search engines such as Google. One such instance is the fraud website at www.coronavirusmedicalkit.com which claimed to sell vaccines for COVID-19 by way of DIY vaccines kits containing a non-existent vaccine and instructing consumers to administer it with water. The website carried photographs of the purported medical kit along with a Fedex form asking for the customers’ credit card information. The website was then shut down by the U.S. Department of Justice[6].

Another growing trend is mimicking companies manufacturing leading COVID-19 vaccines with the aim to collect personal information of consumers to carry out phishing attacks. For instance, a fake website under the name www.regeneronmedicals.com claimed to be linked to Regeneron Pharmaceutics Inc., (the biotechnology company that provided the vaccine used on former President Trump). Another fake website at www.mordernatx.com had the look and feel of Moderna Inc’s actual website, www.modernatx.com.[7]

LEADING VACCINES AND POSSIBLE ONGOING FRAUDS

CovaXin is primarily developed by Bharat Biotech & ICMR and is widely used in countries such as India, Nepal, Iran, Mauritius, Mexico etc. Information about this vaccine is available at https://www.bharatbiotech.com/covaxin.html. However, possible unauthentic domains appear to have cropped up in this regard:

<in>: A suspicious .IN TLD under the name <CovaXin.in> appears to be registered by an entity in Bihar. No content as of yet is being hosted therein.
< com>: This domain, registered in March 2020 by an entity in Karachi, resolves to a parked page.

Covishield manufactured by the Serum Institute of India and jointly developed by Oxford University and AstraZeneca is the cheapest vaccine in the world. Further information about this vaccine is available at https://www.seruminstitute.com/product_covishield.php. A possible fraudulent domain name registration in this regard appears to be available at:

<co.in>: Registered in July 2020 by a third party in India, no content appears to be hosted on the website for this domain as of yet.

CoronaVac, also known as the Sinovac COVID-19 vaccine, is a vaccine developed by the Chinese company Sinovac Biotech. Some possible fraudulent domain name registrations in this regard have been listed below:

<com>: This domain was created on September 2020 and currently resolves to a parked page. Notably, this domain is listed for sale.
<in>– This domain appears to be registered by an entity located in Uttar Pradesh dated December 2020. The domain resolves to a parked page.

Fake Vaccination Certificates

With the world attempting to regain the normalcy of pre-COVID times, one of the protocols followed by various countries is to monitor the influx and efflux of immunized population in their country, in order to be able to track and ensure national safety, and accordingly impose adequate restrictions. Several countries have announced the relaxation of their “travel ban” restrictions; allowing international passengers to enter their country subject to the production of their vaccinated certificates, which must be issued by the appropriate national authorities. It is safe to say that vaccination certificates in today’s time have assumed the same importance as Identification Cards, if not more. That being the state of affairs, the black market has devised unethical means to monetize the situation, by issuing fake vaccine certificates and thereby, jeopardizing public safety for the price of $200 – $250 per certificate.

According to a report by Check Point Software Technologies[1], the demand for fake certificates in the black market has spiked ten times in the recent past, fueling the expansion of the black market for fake certificates across 29 countries, including India, Singapore, and the United Arab Emirates, amongst others. According to discreet underground investigations, these fake certificates have been reported to be sold over third party instant messaging applications such as Telegram, which is currently a host to at least 10,000 vendors, having at least 3,00,000 customers.

The report also states that the demand for these certificates appears to have skyrocketed in light of the announcement made by US President Joe Biden, earlier in September 2021, mandating every American to take the vaccine. Using this to their advantage, the black market aims to mine money, particularly out of the pockets of anti-vaxxers, who wish to enjoy the privileges of a vaccinated person, without ever having to take the jab in the first place. Moreover, the supply of fake certificates has now exploded into a full-fledged industry which is striving to make the process of obtaining a fake certificate as effortless as possible, by improvising their services and introducing a more technical approach to it. For instance, the Austrian black market has programmed bots set in place to generate fake certificates for free. Moreover, to lure more clientele into the Dark net, the sellers of fake certificates have claimed to have access to the European Centre for Disease Prevention and to register their client illegally with the aforementioned database so that when the authorities check, the status of the client would reflect as being vaccinated as per the records of the European database of vaccinated people.

The kinds of forged certificates in relation to COVID-19 currently available for sale on the Dark net and Telegram groups include:

Fake ‘Vaccine Passports’
Fake digital COVID certificates
Fake CDC and NHS COVID – 19 vaccine cards
Fake PCR COVID – 19 reports

While it is commendably no less than a huge feat for countries to set up and implement defense mechanisms against the deadly virus, at such large scales in such a short duration of time, respective appropriate authorities must focus on devising more foolproof authentication and procedures for verification/issuance of certificates, during the periods between the ‘waves’ caused by the virus. Because if no action is taken against such fake certifications that gravely threaten public safety, all the progress made previously would simply become futile.

WAY FORWARD

Such unauthentic domains/websites indulging in illegal and fraudulent activities are aimed at deceiving the general public in order to derive undue monetary gains. Not only are these cyber squatters thriving on the goodwill of an established brand but at the same time putting the life of consumers at risk by exploiting public fear.

Given this, the need of the hour is for health and state bodies to take some steps to mitigate the menace of fraudulent domains and hoax websites in a swift and efficient manner. Some steps in this regard include:

Propagation of authentic and verified information by government bodies;
Active enforcement actions by brand-owners against mala fide domain name registrations including filing take-downs and domain name complaints;
Focus on quick resolution preferably within 24 hours to avoid dissemination of online misinformation.

Consumers may also take some preventive measures and exercise caution whilst perusing data relating to COVID-19 online, in the manner suggested below: