Scam Alert: Covid-19 Vaccine Phishing and Money Scam Hits India
As the COVID-19 vaccination drive kicks off in India, phishing scammers are looking to cash in on people’s quest to get the vaccine. Adversaries are tricking users into handing over cash or financial details in a recent bolstered vaccination scam through some bogus websites. Here’s how these scammers benefit themselves and put beneficiaries at potential harm.
From Phishing to Money Scam: How Scammers are taking advantage of users?
Scammers were prevalent throughout the pandemic. Since the start, fraudsters have been bombarding consumers with new tricks, using their own versions of fake Co-WIN websites to extract money from users.
When users access the website www[.]indiavaccine1[.]com, coming in the SMS, they are redirected to a home page for Vaccine Reservation, where they are asked to pay rupees 3960 INR for two doses in advance. Users are given an assurance of refund once the vaccination is done.
The detailed analysis of the money scam by Quick Heal Security Labs is as below. The home page contains three submenus redirecting the user to http[:]//shenqiwunet[.]com fake web page –
- National Vaccination – Contains a video link “http[:]//shenqiwunet[.]com/video/202107/2827[.]html”
- About Vaccine – Contains vaccine-related instructions while confusing users of the shortage so that they book the vaccine faster.
- Appointment Steps – Contains vaccination process information. The IP associated with this fake website was linked to China, and the downloaded files are malicious.
- Contact Us – The registered fake WhatsApp number is under a painter named ‘Kumar’ from Tamil Nadu on Truecaller.
While booking the slot, scammers ask for personal information, including name, ID card number, and contact information. The website does not validate any information given by the victim. Instead, directly asks for the payment mode.
There are three different payments modes to choose from :
1.DDPAY –
The user is redirected to a web page in Chinese where the order number and a valid date for the appointment for vaccination are shown. Victims need to choose between Bank or UPI as the final payment method.
Under the UPI option, users have to pay money to the UPI ID given on the screen. The screen also displays a notice not to use Paytm Wallet to transfer the money.
As the final step, users are asked to fill in the reference number. Even though the victim enters the wrong 12-digit reference number, the message of successful submission is displayed.
2. Marspay Payment Method 1 –
Under this method, the user is redirected to https://star1122.com, where they are asked to enter UPI account details.
3. Global Pay Payment Method 2 –
Under this method, the user is redirected to https[:]//gateway[.]shineupay[.]com and after clicking on ‘Recharge’, the user is further redirected to https[:]//mixint[.]fxsgkt[.]com for payment.
The IP associated with all the above URL’s had suspicious relations in the past as well.
How to protect yourself and stay safe?
While we regularly check our emails for any vaccine updates or confirmations, it can be hard to distinguish between legitimate and phishing emails. The best way to protect yourself from scammers is by learning to recognize the red flags. Knowing the red flags in advance will make you less likely to click on that convincing email.
- Proactively search for authentic websites or go directly to the government website/hospital to get the correct information.
- Keep an eye out for fake CoWin websites or vaccine registration apps. Apart from these, also be aware of other portals and platforms popping up on social media platforms or being flagged by government officials.
- Always check URLs. Hackers are creating sites that look like official healthcare institutions and vaccine providers. Navigate directly to official websites such as CDC.gov and your state/city’s official website.
- Be aware – you don’t have to put your name on the list or buy a slot to get the vaccine. That’s a scam. Legit organizations will not call for the vaccine or ask to pay money or your credit card number.
If you think you were scammed, just report to the Federal Trade Commission. Any third-party email or SMS claiming to help with the registration process for the vaccine could be potentially dangerous. Users are requested to not click on the links on such messages.
No Comments, Be The First!