{"id":90319,"date":"2021-09-09T14:49:32","date_gmt":"2021-09-09T09:19:32","guid":{"rendered":"https:\/\/blogs.quickheal.com\/?p=90319"},"modified":"2023-08-08T18:38:03","modified_gmt":"2023-08-08T13:08:03","slug":"scam-alert-covid-19-vaccine-phishing-and-money-scam-hits-india","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/scam-alert-covid-19-vaccine-phishing-and-money-scam-hits-india\/","title":{"rendered":"Scam Alert: Covid-19 Vaccine Phishing and Money Scam Hits India"},"content":{"rendered":"<p>As the COVID-19 vaccination drive kicks off in India, phishing scammers are looking to cash in on people&#8217;s quest to get the vaccine. Adversaries are tricking users into handing over cash or financial details in a recent bolstered <a href=\"https:\/\/blogs.quickheal.com\/cyberattackers-breaking-in-through-covid-19-vaccination-data\/\">vaccination scam<\/a> through some bogus websites. Here&#8217;s how these scammers benefit themselves and put beneficiaries at potential harm.<\/p>\n<p><strong>From Phishing to Money Scam: How Scammers are taking advantage of users? <\/strong><\/p>\n<p>Scammers were prevalent throughout the pandemic. Since the start, fraudsters have been bombarding consumers with new tricks, using their own versions of fake Co-WIN websites to extract money from users.<\/p>\n<p>When users access the website <a href=\"http:\/\/www.indiavaccine.com\"><u>www[.]indiavaccine1[.]com<\/u><\/a>, coming in the SMS, they are redirected to a home page for Vaccine Reservation, where they are asked to pay rupees 3960 INR for two doses in advance. Users are given an assurance of refund once the vaccination is done.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-90304 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/09\/Sms_Image.png\" alt=\"\" width=\"326\" height=\"113\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Sms_Image.png 326w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Sms_Image-300x104.png 300w\" sizes=\"(max-width: 326px) 100vw, 326px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-90292 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/09\/Image1-Menu-Page-650x276.png\" alt=\"\" width=\"650\" height=\"276\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image1-Menu-Page-650x276.png 650w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image1-Menu-Page-300x127.png 300w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image1-Menu-Page-768x326.png 768w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image1-Menu-Page-789x335.png 789w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image1-Menu-Page.png 1099w\" sizes=\"(max-width: 650px) 100vw, 650px\" \/><\/p>\n<p>The detailed analysis of the money scam by Quick Heal Security Labs is as below. The home page contains three submenus redirecting the user to http[:]\/\/shenqiwunet[.]com fake web page \u2013<\/p>\n<ul>\n<li><strong>National Vaccination \u2013 <\/strong>Contains a video link \u201chttp[:]\/\/shenqiwunet[.]com\/video\/202107\/2827[.]html\u201d<\/li>\n<li><strong>About Vaccine \u2013 <\/strong>Contains vaccine-related instructions while confusing users of the shortage so that they book the vaccine faster.<\/li>\n<li><strong>Appointment Steps \u2013 <\/strong>Contains vaccination process information. The IP associated with this fake website was linked to China, and the downloaded files are malicious.<\/li>\n<li><strong>Contact Us \u2013 <\/strong>The registered fake WhatsApp number is under a painter named \u2018Kumar\u2019 from Tamil Nadu on Truecaller.<\/li>\n<\/ul>\n<p>While booking the slot, scammers ask for personal information, including name, ID card number, and contact information. The website does not validate any information given by the victim. Instead, directly asks for the payment mode.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-90305 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/09\/user_details-650x236.png\" alt=\"\" width=\"650\" height=\"236\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/user_details-650x236.png 650w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/user_details-300x109.png 300w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/user_details-768x279.png 768w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/user_details-789x287.png 789w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/user_details.png 1086w\" sizes=\"(max-width: 650px) 100vw, 650px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>There are three different payments modes to choose from :<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-90306 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/09\/paymeny-methods-650x186.png\" alt=\"\" width=\"650\" height=\"186\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/paymeny-methods-650x186.png 650w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/paymeny-methods-300x86.png 300w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/paymeny-methods.png 764w\" sizes=\"(max-width: 650px) 100vw, 650px\" \/><\/p>\n<p><b><\/b><strong><b>1.DDPAY \u2013 <\/b><\/strong><\/p>\n<p>The user is redirected to a web page in Chinese where the order number and a valid date for the appointment for vaccination are shown. Victims need to choose between Bank or UPI as the final payment method.<\/p>\n<p>Under the UPI option, users have to pay money to the UPI ID given on the screen. The screen also displays a notice not to use Paytm Wallet to transfer the money.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-90311 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/09\/Image-5-1-326x390.png\" alt=\"\" width=\"326\" height=\"390\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-5-1-326x390.png 326w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-5-1-250x300.png 250w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-5-1.png 530w\" sizes=\"(max-width: 326px) 100vw, 326px\" \/><\/p>\n<p>As the final step, users are asked to fill in the reference number. Even though the victim enters the wrong 12-digit reference number, the message of successful submission is displayed.<\/p>\n<p><b><\/b><strong><b>2. Marspay Payment Method 1 \u2013 <\/b><\/strong><\/p>\n<p>Under this method, the user is redirected to https:\/\/star1122.com, where they are asked to enter UPI account details.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-90308 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/09\/Image-2.png\" alt=\"\" width=\"530\" height=\"238\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-2.png 530w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-2-300x135.png 300w\" sizes=\"(max-width: 530px) 100vw, 530px\" \/><\/p>\n<p><b><\/b><strong><b>3. Global Pay Payment Method 2 \u2013<\/b><\/strong><\/p>\n<p>Under this method, the user is redirected to https[:]\/\/gateway[.]shineupay[.]com and after clicking on \u2018Recharge\u2019, the user is further redirected to https[:]\/\/mixint[.]fxsgkt[.]com for payment.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-90309 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/09\/Image-3-641x390.png\" alt=\"\" width=\"641\" height=\"390\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-3-641x390.png 641w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-3-300x182.png 300w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-3-768x467.png 768w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-3-789x480.png 789w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-3.png 942w\" sizes=\"(max-width: 641px) 100vw, 641px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-90310 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/09\/Image-4-650x192.png\" alt=\"\" width=\"650\" height=\"192\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-4-650x192.png 650w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-4-300x88.png 300w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-4-768x227.png 768w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-4-789x233.png 789w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/09\/Image-4.png 1156w\" sizes=\"(max-width: 650px) 100vw, 650px\" \/><\/p>\n<p>The IP associated with all the above URL\u2019s had suspicious relations in the past as well.<\/p>\n<h3><strong><b>How to protect yourself and stay safe? <\/b><\/strong><\/h3>\n<p>While we regularly check our emails for any vaccine updates or confirmations, it can be hard to distinguish between legitimate and phishing emails. The best way to protect yourself from scammers is by learning to recognize the red flags. Knowing the red flags in advance will make you less likely to click on that convincing email.<\/p>\n<ul>\n<li>Proactively search for authentic websites or go directly to the government website\/hospital to get the correct information.<\/li>\n<li>Keep an eye out for fake CoWin websites or vaccine registration apps. Apart from these, also be aware of other portals and platforms popping up on social media platforms or being flagged by government officials.<\/li>\n<li>Always check URLs. Hackers are creating sites that look like official healthcare institutions and vaccine providers. Navigate directly to official websites such as CDC.gov and your state\/city\u2019s official website.<\/li>\n<li>Be aware \u2013 you don\u2019t have to put your name on the list or buy a slot to get the vaccine. That\u2019s a scam. Legit organizations will not call for the vaccine or ask to pay money or your credit card number.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>If you think you were scammed, just report to the Federal Trade Commission. Any third-party email or SMS claiming to help with the registration process for the vaccine could be potentially dangerous. Users are requested to not click on the links on such messages.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As the COVID-19 vaccination drive kicks off in India, phishing scammers are looking to cash in on people&#8217;s quest to get the vaccine. Adversaries are tricking users into handing over cash or financial details in a recent bolstered vaccination scam through some bogus websites. Here&#8217;s how these scammers benefit themselves and put beneficiaries at potential [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":90337,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1739,303,1],"tags":[1860,1859,1861,1858,1766,613,1770],"class_list":["post-90319","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-phishing","category-uncategorized","tag-covid19","tag-moneyscam","tag-phishingscam","tag-vaccine","tag-cowin","tag-scam","tag-vaccination"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/90319"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=90319"}],"version-history":[{"count":10,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/90319\/revisions"}],"predecessor-version":[{"id":91444,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/90319\/revisions\/91444"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media\/90337"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=90319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=90319"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=90319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}