Two eagle-eyed Irish citizens have denied scammers a golden phishing opportunity after spotting a typo in the URL for Ireland’s new Covid-19 recovery certificate portal and registering the correctly spelled domain.
Launched on Friday (July 23), the new service invites Irish citizens who have recovered from Covid-19 in the past six months to apply for a ‘Digital Covid Cert’ by completing an online form.
However, the original official domain – irishcovidcertifcateportal.org – was missing the second ‘i’ from the word ‘certificate’.
Scammers denied
Having spotted the mistake on the day of launch, journalist Adam Conway and computer science student Fionn Kelleher quickly secured the rights to irishcovidcertificateportal.org.
“We were… worried some scammers might actually grab the URL and do harm with it,” tweeted Conway.
The quick-thinking pair have used the domain to redirect visitors to the official site, which Ireland’s Department of Health has now switched to a new, shorter URL: irishcovidcertportal.org.
Had cybercriminals secured the correctly named domain instead, they would have owned an even more legitimate-looking URL than the official service. The portal asks visitors to input their date of birth, mobile phone number, and Personal Public Service (PPS) Number, an identifier used to access government services.
Given the level of demand for the service – a dedicated helpline for fielding the same requests was reportedly swamped with calls after launching on July 20 – a phishing scam leveraging the domain could have feasibly snared a significant number of victims.
Covid cert
Ireland’s Digital Covid Cert serves as proof that holders have been vaccinated against Covid-19, received a recent negative test result, or recovered from the virus.
The certificate can be used to access indoor dining services in restaurants and pubs within Ireland, and, restrictions permitting, to travel within the EU and EEA.
Responding to Conway’s tweet, David Molamphy, software engineering manager at Dell Technologies, also questioned the wisdom of choosing a .org address.
“Even without the misspelling this couldn’t seem less legit if they tried,” he said. “At the very least should be on a *.gov.ie sub-domain, or even a single page UI and form off the http://vaccine.hse.ie SFDC web app would make more sense.”
The Daily Swig has put additional questions to Ireland’s Department of Health.
Source: https://portswigger.net/daily-swig/potential-phishing-scam-averted-following-irish-coronavirus-certificate-website-typo