Part of a ZDNet Special Feature: Coronavirus: Business and technology in a pandemic

Justice Department seizes fake COVID-19 vaccine website stealing info from visitors

“Freevaccinecovax.org” was being used for fraud, phishing attacks, and/or deployment of malware, according to the U.S. Attorney’s Office.

A fake COVID-19 vaccine website stealing visitors' data has been shut down by the Justice Department, according to the U.S. Attorney's Office for the District of Maryland.

The people behind "freevaccinecovax.org" made the website look like it was for a biotechnology company working on the vaccine for COVID-19, but it was actually being used by cybercriminals for "fraud, phishing attacks, and/or deployment of malware."

The site now has a large banner saying it has been seized by the federal government. 

"This is the ninth fraudulent website seeking to illegally profit from the COVID-19 pandemic that we have seized," Acting U.S. Attorney Jonathan Lenzner said in a statement. 

Lenzner noted that the website is one of thousands that have popped up since the pandemic began in early 2020. Cybercriminals have leveraged the fear and interest around COVID-19 to propagate a variety of scams or efforts to spread malware. 

Lenzner added that the government is "providing the vaccine free of charge to people living in the United States" and that no one should ever click on anything offering the vaccine for sale. 

The affidavit filed in court by the Justice Department says the scam was initially uncovered by the HSI Intellectual Property Rights Center and the HSI Cyber Crimes Center. The website was allegedly created from an IP address in Strasbourg, Germany but was registered in Russia, according to the Justice Department. 

It was created on April 27 and the site's homepage featured the logos of a number of well-known healthcare organizations like the World Health Organization, Pfizer, and the United Nations High Commissioner for Refugees. The website asked visitors to enter their location and then automatically downloaded a PDF file that users could fill out and upload. 

It is unclear how many people visited the site and filled out the PDF. 

Eric Howes, principal lab researcher at cybersecurity firm KnowBe4, said both the domain itself and the operation associated with it illustrate just how useful the COVID-19 pandemic has been for malicious actors looking to cash in on other people's misery. 

A bogus vaccine website offers bad actors a wide range of potential social engineering schemes, Howes explained, ranging from offers of free access to vaccine supplies to bogus investment schemes. 

"COVID-19 has been the gift that keeps on giving for fraud artists over the past year," Howes said. "While authorities are to be lauded for shutting down this domain, one wonders how many more of them pushing similar fraudulent schemes are out there on the internet. Dozens? Hundreds? Thousands? Moreover, how long will it be before the parties behind this operation simply set up another domain and continue their operations?"