Fake vaccination certificates
Fake Vaccination Certificates gain more credibility through fake ECDC website
By Christine Schönig, Regional Director Security Engineering CER, Office of the CTO, at Check Point Software Technologies GmbH
Christine Schönig, Regional Director Security Engineering CER, Office of the CTO at Check Point
Since the beginning of the Corona vaccinations, the security researchers from Check Point Research (CPR) have been monitoring the black market for vaccines, fake vaccination certificates and tests. The scams here are versatile and there is no lack of ingenuity on the part of the perpetrators.
The Check Point Research team has now discovered a new technique. Cybercriminals now falsely claim access to the website of the European Centre for Disease Prevention and Control (ECDC) where data on vaccinated persons are stored throughout Europe. They claim that they can register interested parties in the database, so that when they are checked, provided with false information, they appear everywhere as a fully vaccinated person.
However, the cyber criminals actually use a fake ECDC website for registration. Nevertheless, the trick works: An unsuspecting border officer or security guard at an event can be easily outwitted, because the digital certificate looks deceptively real. Check Point discovered the fake website using the URL embedded in the QR code.
Not only would this provide easy and affordable access to forged documents, but these IDs now seem even more credible because they point to supposedly genuine websites.