Italian police have launched a crackdown on criminals who traffic fake Covid-19 vaccination ‘green pass’ certificates via Telegram messenger.
The ‘NO-VAX FREE’ operation led to raids on premises linked to several suspected administrators of the Telegram channels in Veneto, Liguria, Apulia, and Sicily.
The Guardia di Finanza (GdF), the Italian law enforcement agency responsible for dealing with financial crime, first detected the trade in mid-July, shortly before they called on technical assistance from Group-IB’s Amsterdam-based, hi-tech crime investigation department.
Group-IB analysts subsequently managed to confirm the existence of at least 35 Telegram channels offering for sale fake green passes, documents issued to vaccinated Italian citizens and those who recently tested negative or recovered from Covid-19.
In follow-up research, Group-IB uncovered evidence that pointed towards the suspected perpetrators’ identities. Group-IB told The Daily Swig that the number of suspects identified is confidential because the police operation is ongoing. We’re still waiting back on a response to other follow-up questions from the threat intelligence firm.
Corrupt healthcare workers ruse
The cybercriminals behind the illicit trade in counterfeit passes promised prospective buyers “authentic Green Passes with QR codes”, credentials they supposedly obtained thanks to the complicity of corrupt healthcare sector workers.
In reality, any passes on offer were completely fake and the whole operation was a scam.
“We urge the Italians not to use these phony illegal services as they not only lose their money, but they submit their sensitive personal data to criminals and put themselves at a greater risk of follow-up scams,” said Colonel Gian Luca Berruti of the Guardia di Finanza, in a canned statement. “I thank Group-IB’s team for supporting the GdF investigation to unmask this criminal organization.”
According to Group-IB, fake passes typically sold for around €100, payable using cryptocurrency payments (Bitcoin or Ethereum), PayPal money transfer or voucher payments, like Amazon gift cards.
To get a green pass, the potential customer was first asked to create a secret chat on Telegram with the seller.
In several cases, this secret communication was deleted once buyers had paid with nothing offered in return. In other cases, only a fraudulent pass was offered.
Ongoing operation
Despite the crackdown, new channels peddling the same or similar fraudulent Covid-19 vaccination passes are likely to reappear. For this reason, The Guardia di Finanza operation remains ongoing.
A Guardia di Finanza statement on its operation thus far can be found here (in Italiano). A video of raids associated with the investigation was released through YouTube.
The scam has emerged in the country that was the epicentre of the first wave of coronavirus cases back in March 2020, and at a time of huge international concern about the spread of the Omicron variant of the virus that was first identified last week.
Source: https://portswigger.net/daily-swig/italian-police-crack-down-on-fake-covid-19-vaccination-passes