Huge jump in fake vaccine domains to steal money, data

New Delhi, March 4 There has been a surge in vaccine-related scams in recent months and a new report said on Thursday that the number of web domains featuring the word "vaccine" in their title has now significantly increased, and the danger includes credential theft, credit card fraud, malware installation and more.

The team at cyber security firm Check Point Research (CPR) said that since the beginning of November 2020, it has documented 7,056 such new domains, of which 294 were deemed potentially dangerous.

From July till October, the team documented only 1,773 new domains, of which 228 were deemed potentially dangerous.

"In effect, domain registrations increased by 300 per cent throughout the two time periods, while websites deemed dangerous by CPR increased by 29 per cent," the company said in a statement.

"The reason is that scammers are taking public interest around the vaccine as an opportunity for their own malicious purposes," it added.

Online scams often start with a domain registration. Upticks in domain registrations signal that scammers are preparing content as a means to profit from criminal campaigns.

"CPR expects the vaccine related scams to continue in the near-term future. People everywhere should watch out for and learn how to protect themselves from phishing and domain spoofing attacks," the company said.

Last month, the leader of a multi-million-dollar scam that passed off saline solution and mineral water as Covid-19 vaccines was arrested in China. The man, identified as Kong, had researched the packaging designs of real vaccines before making more than 58,000 of his own concoctions.

In December last year, the Interpol had warned the law enforcement agencies across the globe that organised criminal networks could try to advertise and sell fake Covid-19 vaccines on the internet.

The Check Point team said that people must be beware of misspellings or sites using a different top-level domain.

"For example, a .co instead of .com. Misspelling in domains are a string giveaway that deception is at play. Beware of 'buy vaccine' offers. As tempting as they may be, they are almost guaranteed to be scams," the team advised.

Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user's online accounts.

"Never share your account credentials and don't re-use passwords," the team said.

( With inputs from IANS )

Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor