COVID-Related Cybercrime Swells in 2021: Stimulus Fraud, Vaccine Scams, and Disinformation All Front and Center

At Flashpoint, we closely monitor illicit online communities for new and evolving COVID-19-related threats to keep our customers informed and secure. In two weeks, we will host a live webinar to share our latest findings and elaborate on how coronavirus-related cybercrime trends are evolving in 2021.

Please join us for our webinar on Wednesday, March 24, 2021 at 1:00 PM EST!

Government Aid Fraud Losses May Already Exceed $100 Billion 

Today marks exactly one year since the World Health Organization (WHO) designated coronavirus as a global pandemic, and only in recent weeks has it begun to crystalize just how rampant COVID-related fraud targeting government relief programs has been. 

Open-source reporting indicates that the full scope of government aid program fraud losses in the U.S. will likely far-exceed $100 billion once ultimately tallied. California alone is estimated to have suffered between $11-30 billion in COVID-related fraud losses. Other states—including Colorado, Massachusetts, New York, and Ohio—are also uncovering egregiously large losses due to COVID-related fraud.

Cybercriminals are highly active on chat services such as Telegram discussing tactics for targeting government aid programs and sharing proof of their successes.

Cybercrime Surge to Follow the $1.9 Trillion Stimulus Aid Rollout

The third US stimulus aid package, worth approximately $1.9 trillion, is expected to land on President Biden’s desk for his signature this Friday, March 12, 2021. Related stimulus cybercrime and fraud will surely follow as threat actors find ways to exploit fastly deployed government aid.

When the $1.9 trillion stimulus aid begins to be distributed, Flashpoint expects actors will once again flood illicit communities hawking fraud walkthroughs and services to take advantage of government and business loopholes.

COVID-19 Cybercrime Methods Continue to Mutate in 2021

But even as we begin to see early signs of recovery, COVID-related cybercrime is primed to reach new heights in 2021. Unlike last year at this time when cybercriminals focused on exploiting early response efforts with tailored phishing and malware campaigns, now attackers are concentrating on unfolding vaccine and stimulus trends. 

In particular, beyond the targeting of government aid programs, Flashpoint sees three additional COVID-19-related cybercrime focus areas in 2021:

1. Resources and methods to fabricate proof of inoculation;
2. Stolen and counterfeit vaccine sales on the dark web; and
3. Disinformation that propagates fake science and anti-vaxxer claims.

1) Resources to Fabricate Proof of Immunization

As drug manufacturing for COVID-19 vaccine ramps up, it’s all but certain that cybercriminals will find new ways to exploit the extraordinary global demand for the vaccine. Fraud sales of falsified documents proving individuals have been vaccinated or have been otherwise exempt from inoculation mandates continue to mount as we move into the second year of this global pandemic.

In particular, vaccine exemption and immunization certificates are increasingly popular topics of conversation and seller advertisements throughout cybercriminal forums and marketplaces (see Figure 1). More common within communities dedicated to far-right conspiracy theories and domestic extremism, cybercriminal supply and demand for immunization fraud resources will remain strong to serve those unable or unwilling to get vaccinated.

Figure 1: Cybercriminal Ad Selling Vaccination Exemption Cards in Bulk

2) Stolen and Counterfeit Vaccine Sales 

Flashpoint is also observing increased chatter on dark web marketplaces advertising and selling stolen and counterfeit versions of the first two approved COVID-19 vaccines Pfizer-BioNtech, Moderna. The newer-to-market Johnson & Johnson vaccine will likely generate more activity in the coming weeks as wider distribution increases. 

Just as we observed throughout this past year when cybercriminals exploited shortages of N95 masks and other PPE, we should expect the same counterfeit or otherwise illicit sales of the vaccine—and far more of it. Scammers will inevitably find ways to profit from any lucrative, high-demand market, especially when life or death implications further escalate buyer motivation and risky behavior. And, if anything, the coronavirus vaccine market is bigger and even more lucrative given the global scope of the demand and limited scarcity of the supply.

Figure 2: Dark Web Seller of Purported Pfizer COVID-19 Vaccine

3) Fake Science and Anti-Vaxxer COVID-19 Disinformation

Lastly, we see an uptick in pandemic- and vaccine-related disinformation campaigns across online communities and throughout popular social networks and cybercriminal forums and chat rooms. Disinformation and misinformation campaigns sow public distrust, hamper vaccine distribution and immunization efforts, and extend and degrade the global economic recovery.

In these cases, threat actors aim to drum up people’s fears about the vaccines’ efficacy and deleterious effects—despite the resoundingly clear and incontrovertible evidence confirming the drugs’ safety and necessity (see Figure 3)

While the damaging effects of disinformation on global supply chains and consumer confidence may be subtler and less direct than other forms of COVID-19 fraud, the effective spread and amplification of such incendiary claims are often worse and hold far-reaching negative consequences.

Join Us for Our Upcoming Webinar on Wednesday, March 24th!

This blog post was just a sample of what we plan to share during our webinar. Join us on Wednesday, March 24th at 1:00 PM EST to hear our analyst Abigail Showman dig deeper into the observed COVID-19 cybercrime trends and how we expect 2021 to continue to unfold as we begin our initial global recovery.