Feds Shut Down Fake COVID-19 Vaccine Phishing Website

‘Freevaccinecovax.org’ claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes.

Author: Elizabeth Montalbano

Federal law enforcement in Maryland has shut down a fraudulent website targeting immigrant communities that claimed to be for a company developing a COVID-19 vaccine. Instead, the site was stealing information from people with the purpose of using it for future cybercriminal activity.

The U.S. Attorney’s Office for the District of Maryland, working with Homeland Security Investigations (HSI) in Baltimore, seized “Freevaccinecovax.org,” “which purported to be the website of an actual biotechnology company developing a vaccine for the COVID-19 virus,” according to a release on the office’s website posted earlier this week.

Instead, the site was collecting personal information from people who visited it “in order to use the information for nefarious purposes, including fraud, phishing attacks, and/or deployment of malware.”

The site used trademarked logos for Pfizer, the World Health Organization (WHO) and the United Nations High Commissioner for Refugees (UNHCR) on its home page to dupe visitors into thinking it was a legitimate site, according to the release. It collected visitor information by using a drop-down menu asking people to select their city and then apply for information by downloading a PDF file to their computers.

The PDF that the site offered to users was written in Cyrillic, suggesting that fraudsters were targeting immigrant communities of people from the former Soviet countries of Belarus, Kazakhstan, Russia, Turkmenistan and Ukraine, who use Cyrillic script in their native languages. A domain analysis conducted by HSI indicated the domain name was created on April 27, using an IP address located in Strasbourg, France and a registrant country listed as Russia.

“It’s a scary thought but what HSI wants the public to understand is, all a bad guy needs to defraud thousands of Americans in search of COVID-19 information is the ability to create a website combined with malicious intent,” said James Mancuso, special agent in charge for the HSI Baltimore Field Office. “We must make an example of these perpetrators in order to deter others from committing these crimes against an unsuspecting and vulnerable internet user.”

Visiting the site now greets users with a message that the site has been seized by the federal government and redirects them to another site for additional information. Seizing the site also means that third parties can’t use the name to commit additional crimes, according to the feds.

“The domain itself and the operation associated with it illustrate just how useful the COVID-19 pandemic has been for malicious actors looking to cash in on other people’s misery,” Eric Howes, principal lab researcher at KnowBe4, said via email. “A bogus vaccine website offers bad actors a wide range of potential social-engineering schemes, from offers for free access to vaccine supplies to bogus investment schemes. COVID-19 has been the gift that keeps on giving for fraud artists over the past year.”

COVID-19 Vax Attracts Crooks

Indeed, since news of their development, the various vaccines for COVID-19 have been of great interest to cybercriminals. Before they were available extensively, threat actors focused on stealing resear