The website was scamming users in the name of providing the COVID-19 vaccine but actually collecting their personal data for malicious purposes.
The US Attorney’s office for the District of Maryland has seized “freevaccinecovax.org” which purported to be the website of an actual biotechnology company developing a vaccine for COVID-19 but in reality, it was alleged to be collecting personal information of individuals visiting the site.
The scammers behind the domain intended on using the information for malicious purposes such as fraud, phishing attacks, and/or deployment of malware.
Upon the conduction of a domain analysis by HSI, it was revealed that the domain name was created on 27th April 2021, using an IP address that traced back to Strasbourg while the registrant country was listed as Russia.
Furthermore, the logos of Pfizer, the World Health Organisation (WHO), and the United Nations High Commissioner for Refugees (UNHCR) appeared on the homepage of the fraudulent site.
Specifically, the fraudulent website contained a “Select your city” drop-down and “Apply” and “Upload application” buttons. Upon selecting a city and clicking on “Apply” a PDF file is downloaded to your computer. This PDF file is written in Cyrillic. Once the PDF is completed, it then can be uploaded to the website by clicking on the “Upload application” button.