As long as COVID-19 vaccines have been readily available, there have been scammers looking to profit from it.

According to Check Point Research, the following have been observed on the dark web:

  • Vaccine passports on sale for just $250
  • Fake COVID test results for as little as $25
  • Purported vaccine doses, from AstraZeneca, Johnson & Johnson and more, from $500-$1000
  • Increase in vaccination advertisements on the dark web of over 300% in the last three months.

Further, Check Point Research has observed certificates for passports being sold from countries such as:


  • US
  • UK
  • Germany
  • Greece
  • Netherlands
  • Italy

In general, Check Point Research has seen a 10x increase in sellers offering these certificates in the last two months. Further, CPR has data on the going rate for certificates by country:

Country Price
Australia 110AUD
Brazil $80
Canada $120
France €150
India $75
Russia 500-9500 RUB
Thailand $80
US $150-200


In the cases above, the idea is to sell a fake vaccine pass that can be used to defraud official vaccine checks. (ie., use a fake vaccine pass to gain entry into a place where vaccination is required.)

Hackers have another way to defraud—this time it’s with hackers hoping to scam end-users.

This vaccine pass spoof email aims to get end-users to give over valuable information such as home addresses. Here’s the email:

This scam thrives on urgency. Notice how it says, “If you ignore or reject this invitation you might have to wait up to 12 months until you receive another one.” For travel-hungry Brits, this may be enough of a lure to cause them to jump into action.

It’s important to know that in England, the only way to get a hard-copy of vaccination status is by registering your home address with a general practitioner. The NHS gets your address from those records.

Beyond that, there are no links to the site in the email, which allowed it to bypass many traditional phishing filters. The email itself is well-written, with no easily discoverable spelling or grammar errors.

The more these mandates spread, the more of these emails will reach inboxes.

To stop them, it requires the use of a multi-tiered security architecture like Avanan, one that understands the language in a phishing email and uses advanced AI and NLP to detect the traps the attackers have laid out.

Subscribe to Our Attack Briefs for More Research