FortiGuard Labs Threat Research Report
Many thanks to Shunichi Imano and Val Saengphaibul, who helped contribute to this blog.
Affected Platforms: Email clients
Impacted Parties: Email users
Impact: Loss of personally identifiable information and/or money
Severity Level: Low
The battle against COVID has been waged for almost two years. With over 2 billion people around the globe now fully vaccinated, some countries have introduced a vaccine passport (certificate) program to allow people with proof of vaccination to travel, return to the office, and participate in public events.
For a time, the United Kingdom considered having nightclubs and other similar indoor venues require proof of vaccination for entry by the end of September. However, that idea has since been rescinded. In the United States, President Joe Biden recently mandated that certain members of the workforce be vaccinated, and proof of vaccination may be required. Other activities, like shopping or travel, may be impacted as people abuse the honor system. In the EU, digital COVID certificates already make travel between member states easier.
Overall, for a variety of purposes, global demand for proof of vaccination is increasing. Because of this trend, opportunistic cybercriminals have begun selling counterfeit vaccine passports on the black market. While this is not necessarily new, unlike other criminal activities, this strategy is going mainstream. FortiGuard Labs has now begun to encounter offers of fake vaccine passports as lures in email scams. Successfully enticing the general population to open a malicious email attachment with the promise of receiving an illegal product may be a first. It reflects how polarizing this issue is and why cybercriminals think that they can successfully exploit it.
Digital Covid Vaccination Passport
FortiGuard Labs recently observed one email spam that uses the following lure:
Fortinet Inc. published this content on 20 September 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 20 September 2021 19:21:03 UTC.