Getty Images

Feds Seize Fraudulent COVID-19 Vaccine, Pharmacy, Pfizer Websites

A federal government effort has taken down multiple fraudulent websites tied to the COVID-19 response and vaccine rollout, in addition charges for 474 individuals.

Multiple fraudulent COVID-19 vaccine, pharmacy, and other pandemic-related websites have been taken down, as a result of a federal government enforcement effort to combat fraud schemes and attacks across the US, the Department of Justice recently announced.

The DOJ announcement followed an earlier notice from the US Attorney’s Office for the Eastern District of Virginia, which reported the seizure of four domains purporting to be legitimate websites of Pfizer as part of ongoing Homeland Security Investigations.

The team was also able to seize three websites that claimed to be tied to UNICEF. In all seven cases, the sites appear to have been designed to obtain information of users for malicious purposes, including phishing or fraud.

HSI opened investigations into the seized sites between December 2020 and February 2021, after reports that the webpages were being used for nefarious purposes.

For example, the fraudulent Pfizer pages leveraged registered trademarks of both Pfizer and BioNTech SE to facilitate phishing schemes tied to the increased interest in the pharma companies’ products, as well as false advertisements for related stock and trading options.

In all cases, the sites appeared wholly legitimate and attempted to trick users into inputting personal data into the fraudulent sites, including bank account information, in some cases.

The false UNICEF sites targeted those seeking assistance from the pandemic fallout and were aimed at money laundering, phishing attempts, and to collect personal data.

“The online fraud and phishing schemes that were embedded within these seven sham websites sought to capitalize on the misfortunes of others during the global pandemic,” said Raj Parekh, Acting US Attorney for the Eastern District of Virginia, said in a statement.

“We urge the public to safeguard your sensitive personal information at all times, including from these fraudulent COVID-19 schemes,” they added.

Since the national emergency declaration last March, fraud attempts and phishing attempts tied to the coronavirus have dominated the threat landscape. Recent reports showed a significant uptick in phishing attacks against hospitals and pharmacies that correlated with the vaccine rollout.

In response, healthcare providers should try to keep patients and even employees abreast of these types of fraud attempts to protect them from potential privacy risks.

Throughout the last year, federal agencies and security researchers across all sectors have steadily worked to both defend against these threats and inform all entities of the serious risks these fraud attempts pose.

DOJ has also worked to shutter hundreds of fraudulent webpages that facilitated scams, as well as other actions aimed at disrupting the financial networks that supported these kinds of malicious efforts.

The agency has continued to combat criminal and civil efforts related to COVID-19 fraud, including schemes tied to the Paycheck Protection Program (PPP), Economic Injury Disaster Loan (EIDL) program, and Unemployment Insurance (UI) programs.

The agency continues to work with leaders from other sectors to combat COVID-19-related fraud. The latest update revealed DOJ has publicly charged 474 individuals for criminal offenses due to COVID-19 fraud schemes, which include attempts to obtain more than $569 million from the government and private citizens.

DOJ’s International Computer Hacking and Intellectual Property (ICHIP) program advisors were responsible for coordinating efforts across the globe to take down multiple COVID-19 scams, as well as significant seizures of counterfeit medicines and medical supplies.

“DOJ has led an historic enforcement initiative to detect and disrupt COVID-19 related fraud schemes,” said Attorney General Merrick Garland, in a statement. “The impact of the department’s work to date sends a clear and unmistakable message to those who would exploit a national emergency to steal taxpayer-funded resources from vulnerable individuals and small businesses.”

To support employees and patients, healthcare entities should review previous guidance from the Office for Civil Rights to gain insights around fraud attempts and the risk it poses to both the overall enterprise and the individuals involved.

Released in May 2020, the cyber resource sheds light on how to best prevent, detect, respond, and recover from privacy and security threats tied to the pandemic. The guide has information on responding to ransomware, the reinforcement of phishing education with the workforce, and NSA telework guidance, among other threat insights.

Next Steps

Dig Deeper on Cybersecurity strategies