As the COVID-19 vaccination drive kicks off in India, phishing scammers are looking to cash in on people’s quest to get the vaccine. In a recent vaccination scam, adversaries are using bogus websites to trick users into handing over cash or financial details. Here’s how these scammers profit and put vaccine beneficiaries at risk.
From Phishing to Money Scam: How Are Scammers Taking Advantage of Users?
Scammers were prevalent throughout the pandemic. Since the start, fraudsters have been bombarding consumers with new tricks, using their own versions of fake Co-WIN websites to extract money from users.
When users open the link www[.]indiavaccine1[.]com received via SMS, they are redirected to a home page for Vaccine Reservation, where they are asked to pay INR 3960 in advance for two doses. Users are assured of a refund once the vaccination is done.
Quick Heal Security Labs’ detailed analysis of the money scam follows. The home page contains three submenus that redirect the user to the fake web page http[:]//shenqiwunet[.]com.
While booking the slot, scammers ask for personal information, including name, ID card number, and contact information. The website does not validate any information given by the victim. Instead, it directly asks for the payment mode.
There are three different payment modes to choose from:
The user is redirected to a web page in Chinese where the order number and a valid date for the appointment for vaccination are shown. Victims need to choose between Bank or UPI as the final payment method.
Under the UPI option, users have to pay money to the UPI ID given on the screen. The screen also displays a notice not to use Paytm Wallet to transfer the money.
As the final step, users are asked to fill in the reference number. Even if the victim enters a wrong 12-digit reference number, the message of successful submission is displayed.
2. Marspay Payment Method 1 –
Under this method, the user is redirected to https[:]//star1122[.]com, where they are asked to enter UPI account details.
3. Global Pay Payment Method 2 –
Under this method, the user is redirected to https[:]//gateway[.]shineupay[.]com and after clicking on ‘Recharge’, the user is further redirected to https[:]//mixint[.]fxsgkt[.]com for payment.
The IP address associated with all the above URLs has had suspicious relations in the past as well.
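For defenders who want to check whether anyone on their network followed this redirect chain, the sketch below refangs the hosts named above and matches them against web proxy logs. It is an added example, not Quick Heal's code; the log format, client addresses, timestamps, URL paths and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hosts named in the write-up above, kept in defanged form.
REPORT_IOCS = [
    "www[.]indiavaccine1[.]com",
    "http[:]//shenqiwunet[.]com",
    "https[:]//star1122[.]com",
    "https[:]//gateway[.]shineupay[.]com",
    "https[:]//mixint[.]fxsgkt[.]com",
]

def norm(host):
    """Lower-case, drop a trailing dot and a leading 'www.'."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def host_of(indicator):
    """Refang a defanged URL or bare host and return its normalised hostname."""
    url = indicator.strip().replace("[.]", ".").replace("[:]", ":")
    if "://" not in url:
        url = "http://" + url
    return norm(urlsplit(url).hostname or "")

SCAM_HOSTS = {host_of(i) for i in REPORT_IOCS}

def is_scam_host(host):
    """Match a listed host or a subdomain of it, on label boundaries only."""
    host = norm(host)
    return any(host == s or host.endswith("." + s) for s in SCAM_HOSTS)

# Constructed proxy log (assumed format: time client method url).
SAMPLE_LOG = """\
2021-05-03T10:01:02 10.0.0.15 GET http://www.indiavaccine1.com/
2021-05-03T10:01:09 10.0.0.15 GET http://shenqiwunet.com/book
2021-05-03T10:02:30 10.0.0.15 GET https://gateway.shineupay.com/pay
2021-05-03T10:02:41 10.0.0.15 GET https://mixint.fxsgkt.com/recharge
2021-05-03T10:06:12 10.0.0.31 GET https://notstar1122.com/
2021-05-03T10:07:45 10.0.0.40 GET https://STAR1122.com./upi
""".splitlines()

def find_hits(lines):
    """Map each client to the scam hosts it requested, in log order."""
    hits = {}
    for line in lines:
        parts = line.split()
        host = urlsplit(parts[3]).hostname if len(parts) >= 4 else None
        if host and is_scam_host(host):
            hits.setdefault(parts[1], []).append(norm(host))
    return hits
```

A client whose list reaches one of the payment hosts got further into the flow than one that only loaded the landing page, which helps prioritise follow-up with affected users.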
While we regularly check our emails for any vaccine updates or confirmations, it can be hard to distinguish between legitimate and phishing emails. The best way to protect yourself from scammers is by learning to recognize the red flags. Knowing the red flags in advance will make you less likely to click on that convincing email.
If you think you were scammed, report it to the Federal Trade Commission. Any third-party email or SMS claiming to help with the registration process for the vaccine could be potentially dangerous. Users are requested not to click on the links in such messages.