Fake vaccine and test certificates pose threat to ‘Covid passport’ plans

Covid passport schemes could “unravel” unless measures are taken to combat fake vaccine and counterfeit test certificates, experts have warned.

Cybersecurity experts at Check Point Research issued the warning today amid rising concerns over the volume of fake Covid credentials being sold on the dark web.

Between March and May, Check Point research revealed a 500% increase in the number of forged certificate vendors. This increase, researchers suggested, highlights a growing demand to evade inspections and circumvent rules.

New EU legislation coming into effect in July will provide free certificates in the form of a QR code on a smartphone, or as a paper document.

These new certificates will show that a person is either vaccinated, has immunity to the virus, or has recently received a negative PCR test result.

Similarly, UK travellers who have had both vaccine doses will be able to use the NHS App as a vaccine passport and are expected to be covered under the EU scheme as a third country.

Other nations, including France and Germany, are also exploring the launch of their own Covid passport schemes. However, Check Point researchers warned that without a unified global approach to verify certificates, “fragmented rules and ambiguity” will play into the hands of hackers and fraudsters.

“We urge governments to come together and act quickly to combat the increased sales of fake certificates on Telegram and the Darknet. Without a central system, it becomes much easier for hackers and fraudsters to fall through the cracks,” said Oded Vanunu, Head of Products Vulnerability Research at Check Point Software.

According to Check Point, many customers could be people who have tested positive, refused to take a test or are unwilling to have the vaccine.

It could also be down to the exploitation of innocent users looking for information and guidance, some of whom are lured to fraudulent or suspicious domains in the belief that they are legitimate.

Travellers need to be wary of misspelled websites and only install verified apps from official sources, Vanunu explained.

Similarly, travellers should also be wary of QR codes as these can serve as a…