Consumers researching ways to protect against the novel coronavirus might have stumbled upon what appeared to be a new website from Moderna Inc., announcing in capital letters, “You may be able to buy a Covid-19 vaccine ahead of time,” and offering doses for $30 each.
The sham site was one of many pandemic-related cyber schemes to emerge in the past year. Scammers are taking advantage of widespread anxiety about Covid-19, enticing people to give up their personal data and money with the promise of a vaccine. After a U.S. Department of Homeland Security investigation of the site, three Baltimore-area men were arrested on Feb. 11, charged with conspiracy to commit wire fraud.
As of last week, Homeland Security investigators had seized roughly $33 million in illicit proceeds and analyzed almost 80,000 Covid-19 domain names, according to a spokeswoman for the agency.
Scammers also have posed as representing Pfizer Inc. and BioNTech SE, which offer the other vaccine so far approved for emergency use in the U.S.
In December, the Maryland U.S. attorney’s office shut down two similar though unrelated schemes that mimicked drug companies and aimed to collect personal information for phishing attacks. One, at regeneronmedicals.com, claimed to be linked to Regeneron Pharmaceutics Inc., the biotechnology company that provided the treatment used on former President Trump late last year when he had Covid-19. Another, at mordernatx.com, had the look of the Cambridge, Mass.-based biotech’s actual website, modernatx.com.
“Patients should never try to secure a vaccine online—no legitimate vaccine is sold online,” said Pamela Eisele, communications director for Pfizer. Moderna didn’t respond to requests for comment. A representative for Regeneron Pharmaceuticals Inc. said the company is aware of the impostor website and appreciates the work done by investigators on the matter.
An image of what visitors now see at a fake Covid-19 vaccine website disabled by U.S. authorities.
Photo: HOMELAND SECURITY INVESTIGATIONS
The ploys aren’t confined to the U.S. France-based international police agency Interpol has warned that phishing schemes and fake websites are impersonating government and health authorities in Europe.
As life moves increasingly online, experts say consumers are more vulnerable to these kinds of tricks. Scammers use search algorithms and paid advertisements to take advantage of their trust, said Douglas Schmidt, co-director of the Data Science Institute at Vanderbilt University. Older populations who weren’t raised on the internet are especially vulnerable, he said.
“You expect that Google will only give you stuff that’s valid,” Mr. Schmidt said.
In Maryland, Homeland Security Investigations, an arm of the U.S. Department of Homeland Security, used an undercover agent to buy $6,000 worth of doses from a fake site, Modernatx.shop. After looking at the source code, investigators determined a web tool was used to copy Moderna’s actual website, the U.S. attorney’s office in Baltimore said. The undercover agent was told to send half of the payment through the Federal Credit Union in Vienna, Va., to 22-year-old Kelly Lamont Williams, according to an affidavit.
Using Mr. Williams’ phone, the affidavit says, investigators asked an alleged accomplice, Odunayo Baba Oluwalade, 25, where to send the money. He told Mr. Williams to send the payment through Square Inc.’s Cash App and money-transfer service Zelle, the affidavit alleges. A third man, 22-year old Olakitan Oluwalade, allegedly also was involved. Legal counsel for the men declined to comment.
The men were released under the supervision of the U.S. Office of Probation and Pretrial Services and haven’t entered a plea. A preliminary hearing is scheduled for March 5. If convicted, the defendants could face up to 20 years in prison.
Many Covid-19 scam attempts involve simple tools and everyday payment methods, says Pat Wilbur, chief technology officer at Hologram Inc., a Chicago-based cellular platform company. Although some pandemic scams might seem obvious to some, they often work because people are desperate to get back to normal, said Mr. Wilbur, who said he reports scammers to authorities as a hobby.
Early Warning Services LLC, which operates Zelle, said the company monitors its network for transactions that violate its terms of service. Consumers are advised to treat Zelle payments like cash and be aware of “too good to be true” offers, the company said. A representative for Square said, “We continue to invest in and bolster fraud-fighting resources by both increasing staffing and adopting new technology.”
Companies, particularly those involved with vaccines and treatments for Covid-19, should keep an eye out for the way their brand and name are being used, said Bruce deGrazia, program chair for cybersecurity management and policy at the University of Maryland Global Campus. Moderna’s cybersecurity team has detected similar websites in the past, the U.S. attorney’s office said in a release.
Intellectual property lawyers also can work with a company’s cybersecurity team to identify trademark and copyright violations, Mr. deGrazia said.
“As the public seeks vaccines to protect themselves and their families from Covid-19, fraudsters are waiting to take advantage of their desperation,” said Special Agent James Mancuso, who leads Baltimore’s Homeland Security Investigations unit. “We want to remind the public to exercise extreme caution online.”
Write to Brooke Henderson at [email protected]
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
