• Products

    Digital Trust & Safety Platform

    Fight fraud without sacrificing growth

    Learn more

    Platform solutions

    • Payment Protection
    • Account Defense
    • Dispute Management
    • Content Integrity
    • Sift Connect
    • Passwordless Authentication

    Sift innovations

    • PSD2 Solution
    • New Releases & Enhancements
  • Industries

    One solution, any industry

    Learn how Sift can work for your industry

    Learn more

    Featured Industries

    • Fintech
    • Payment Service Providers
    • Retail
  • Customers

    Case studies by industry

    See how leading brands succeed with Sift

    Learn more

    Featured Customers

    • DoorDash
    • Uphold
    • Paula’s Choice
  • Partners
  • Fraud Center
  • Resources

    Fraud-fighting resources

    Explore fraud trends and insights

    Learn more

    • Blog
    • Demos
    • Infographics
    • Ebooks & Reports
    • Videos
    • Podcasts
    • One-Pagers
    • Webinars
    • Trust & Safety University
  • Company

    Why leaders choose Sift

    Technology, community, and partnership

    Learn more

    Our mission: Help everyone trust the internet

    • About
    • Careers
    • News & Press
Talk to an expert
Products
  • Digital Trust & Safety Platform
  • Payment Protection
  • Account Defense
  • Dispute Management
  • Content Integrity
  • Sift Connect
  • Passwordless Authentication
  • PSD2 Solution
  • New Releases & Enchancements
Industries
  • Fintech
  • Retail
  • Payment Service Providers
Customers
Partners
Fraud Center
Resources
  • Blog
  • Ebooks & Reports
  • One-Pagers
  • Demos
  • Videos
  • Webinars
  • Infographics
  • Podcasts
  • Trust and Safety University
Company
  • Search Careers
  • Our Company
  • Contact Us
  • Engineering Blog
Talk to an expert Sign in
  • Blog Home
  • Digital Trust & Safety
  • Fraud
< prev / next >
Share this article on LinkedIn
Tweet this article
Share this article on Facebook
SOCIALICON
Share this article via email

A Deep Dive into COVID Passport Fraud

By Kathryn Schneider  / 

13 Aug 2021

Throughout the pandemic, fraudsters have exploited every shift in consumer spending, oftentimes capitalizing on misinformation and consumer fear. More recently, fraudsters are increasingly targeting vulnerabilities in COVID passports, tapping into the market of vaccine-hesitant consumers looking to purchase fraudulent vaccine credentials online to bypass vaccine mandates many businesses have implemented. 

During a recent webinar with the Loyalty Security Association (LSA), Brittany Allen, Trust and Safety Architect at Sift, discussed the rise of fake and forged COVID vaccine passports, how it impacts merchants, and ways consumers, businesses, and governments can prepare for possible breaches of COVID passports and their data.

Understanding the deep web

Fraudsters harness the internet in a multitude of ways to commit fraud through the surface web, deep web, and dark web—each offering varying levels of security and anonymity. The surface web comprises any website indexed by traditional search engines, such as Google or Bing. Some basic types of fraud occur on the surface web, such as through Reddit and Facebook, but fraudsters typically turn to the deep or dark web to execute more complex forms of fraud. 

The deep web is a term that was coined in 2001 and includes sites that are not indexed by traditional search engines. These deep web platforms offer fraudsters a means to communicate and carry out fraud with more privacy and anonymity through gated sites. Taking privacy a step further, the dark web offers the highest level of anonymity, accessible only through specific software, such as a Tor browser or specific VPN configuration. 

“The deep web…is a place for fraudsters who aren’t yet sophisticated enough to make it to the dark web and are still able to communicate with a bit more privacy, a bit more anonymity, but they are also able then to sell to a much wider audience of buyers, who also aren’t as comfortable or able to get onto the dark web. And that’s where we’re seeing a real proliferation of fraudulent activity and chatter,” said Allen.

One such deep web platform is the cloud-based private encrypted messaging app Telegram, which has quickly become one of the most downloaded apps (non-game) worldwide. The app has become attractive to fraudsters because of its hands-off approach to moderation and the ability to set up an account with only a phone number, as well as its private channels and disappearing messages. Fraudsters on Telegram have harnessed and capitalized on the pandemic market, launching COVID vaccine scams and selling fake vaccination certificates, among many other schemes.

Telegram fraud groups

COVID passport fraud

During the past few months of COVID vaccine acceleration, the market for forged vaccine passports and credentials has been on the rise—giving the vaccine-hesitant a way to bypass growing vaccine mandates and proof of vaccination implemented by businesses and governments. 

The proliferation of misinformation around the safety of vaccines also benefits fraudsters, creating fear, urgency, and doubt (FUD) that can increase their sales. And because vaccine cards are a simple piece of paper with handwriting, the barrier to entry is low, especially for fraudsters experienced at creating fake documents. Thanks to the trend of posting selfies with vaccine cards, cybercriminals can easily pull personal information from them to commit identity theft.

Groups on Telegram dedicated to selling COVID vaccine cards have quickly grown and created fierce competition—some with over 150,000 members selling selfies with COVID vaccination information for as much as $900. Allen has even discovered groups within the messaging app that utilize automation through a bot to provide an added layer of anonymity—users can follow the prompts to purchase COVID vaccination cards in exchange for cryptocurrency payments (universally preferred by fraudsters due to their irreversible nature).

Covid vaccination card bot

Mitigating exposure

Although the landscape of COVID passport fraud is still developing, there are a few ways merchants can stay informed and prepared. Most importantly, businesses need to be transparent about potential risks with customers. Because requirements will likely continue to evolve, merchants should plan for various scenarios and keep a close eye on changing government recommendations and how other businesses are handling the situation. And to stay proactive, it’s wise to be strategic about verifying risky logins and activity by adding dynamic friction—enabling legitimate COVID passports with a seamless user experience while implementing necessary barriers for suspicious credentials.

“When you make these plans, have some generalized assumptions. It’s like when you’re doing a security vulnerability test—knowing what your vulnerabilities are or what your riskiest points are within that user experience or on your site, and planning for them in general. That could be planning for vaccine passports being mandatory for a certain app, and then rolling back any kind of requirements. Taking those high-level parts of the response like customer service, trust and safety, product, and engineering, and seeing what they might need to do, could help you formulate a plan that doesn’t have the very narrow specifics of the day to day changes we see, but still give you an idea of how quickly could you adapt. Should you need to, you pull one of those levers,” advised Allen.

To learn more about COVID passport fraud and how it could impact your business, watch the full webinar.

WATCH THE WEBINAR

Related

covid passport fraudcovid vaccine scamsdark webdeep webdigital fraudDigital Trust & Safetyfraud preventionfraud solutionsTelegramtrust and safety

Kathryn Schneider

Kathryn Schneider is Sift’s Content Marketing Manager, specializing in digital content that sparks lasting impact. She’s an avid hiker, art enthusiast, and dedicated nonprofit volunteer.

  • < prev
  • Blog Home
  • next >
  • Company
  • About Us
  • Careers
  • News & Press
  • Partner With Us
  • Blog
  • Support
  • Help Center
  • Contact Support
  • System Status
  • Trust & Safety University
  • Fraud Management
  • Developers
  • Overview
  • APIs
  • Client Libraries
  • Integration Guides
  • Tutorials
  • Engineering Blog
  • Social

Don’t miss a thing

Get industry trends, insights, and actionable fraud-fighting tips.

You're on the list.

You can unsubscribe at any time. Please see our Website Privacy Notice.
Do Not Sell My Personal Information

If you are using a screen reader and are having problems using this website, please email support@sift.com for assistance.

© 2023 Sift Science, Inc. All rights reserved. Sift and the Sift logo are trademarks or registered trademarks of Sift Science, Inc.
Privacy & Terms

Secure your business from login to chargeback

Stop fraud, break down data silos, and lower friction with Sift.

  • Achieve up to 285% ROI
  • Increase user acceptance rates up to 99%
  • Drop time spent on manual review up to 80%
Your information will be used to contact you about our service and subscribe you to our direct marketing communications. You can, of course, unsubscribe at any time. Please see our Website Privacy Notice.