italian_police

The Italian financial crime agency (Guardia di Finanza – GdF) has announced the arrest of several individuals suspected of managing Telegram channels to promote fake vaccine certificates, aka 'Green Passes.'

The operation was supported by evidence collected by investigators at Group-IB's high-tech crime unit, who managed to unmask the criminals despite measures to keep their identities hidden.

The searches and arrests took place in Veneto, Liguria, Apulia, and Sicily and all arrested suspects admitted to the illegal activity.

Selling fake Green Passes

The actors operated at least 35 Telegram channels that had a combined audience of 100,000 users, promising “authentic” and valid vaccination certificates for €100 ($113).

Although the sellers claimed they had accomplices in the health department who could add false entries in the national database, thus rendering the generated QR codes valid, their Green Passes were fake.

As such, those who paid in Bitcoin, Ethereum, PayPal, or Amazon gift cards, were all scammed, getting a fake card that would fail to pass any COVID-19 vaccination checks.

Fake documents presented as examples of Telegram
Fake documents presented as examples of Telegram
Source: Group-IB

Blackmail risks

Circumventing the regulations around vaccination or COVID-19 testing carries a dire risk relevant to the virus itself, but this is not the only risk that arises from these cases of fraud.

In this case, the users who bought fake green passes from the scammers provided their full names, dates of birth, addresses, and tax code identifiers.

While this information would be required to create a realistic context for the scam to work, this data is valuable in its own right and can be resold to other cybercriminals.

Moreover, it can be used as an extortion lever, threatening the buyers of fake vaccination cards with public exposure if they don’t pay a ransom.

Details requested by the scammers on the post.
Details requested by the scammers on the post.
Source: Group-IB

"Numerous users of the network who - in order to circumvent the regulations for the protection of the community issued by the legislator to counter the evolution of the pandemic in progress - attracted by the idea of ​​being able to purchase a green pass without qualification for a cost of 100 Euros." - Guarda di Finanza (translated)

"In addition to having lost the agreed sum, they also superficially shared their identity documents, exposing themselves to high risks regarding their illicit use."

This coercion is precisely what Russian scammers are doing, following a very similar modus operandi to their Italian counterparts, selling fake vaccine cards on Telegram channels for around $120.

Instead of sending the promised cards to the buyers, they deliver threats to alert the authorities of the buyer’s identity unless they receive an additional amount.

Purchasing fake vaccination certifications entails criminal liability for the buyers in most countries, so the chances of finding trouble one way or another are overwhelmingly high.

No matter what burdens decrees may have imposed on you, you should keep in mind that conducting business and sharing personal data with suspicious entities online is like voluntarily registering for phishing, scams, and blackmail.

Related Articles:

Redline, Meta infostealer malware operations seized by police

Dutch Police: ‘State actor’ likely behind recent data breach

Telegram now shares users’ IP and phone number on legal requests

Ukraine bans Telegram on military, govt devices over security risks