Cybercriminals branded the domains “pfizermx.com,” “pfizerksa.com,” “pfizer-vaccines.com,” and “pfizerstockrate.com” with Pfizer and BioNTech logos and graphics to trick visitors into submitting sensitive information.
They would later use these details in fraud or phishing attacks and to enlist unwitting victims in money laundering schemes, the U.S. Department of Justice said in a statement.
Some of these websites deceived users into contacting fake email addresses and phone numbers, while the others attempted to trick visitors into providing bank account information while pretending to invest the money in Pfizer stocks.
Court records show that authorities have also seized three websites falsely branded as UNICEF, which criminals used to exploit the interest in helping people who need assistance in the middle of the pandemic.
These domains also intended to collect personal information by encouraging users to apply for jobs associated with distributing COVID-19 relief funds.
“The COVID-19 pandemic has created significant opportunities for fraudsters to take advantage of individuals seeking information, cures, or vaccines to protect themselves and others. The websites seized in these cases are alleged to be simply masquerading as legitimate COVID-related sites to steal personal information for potentially nefarious purposes,” said Charge Raymond Villanueva, an agent from the U.S. Homeland Security Investigations (HSI).
Last week, Interpol issued a public alert saying that cybercriminals are using logos from pharmaceutical companies to conduct phishing attacks, fraud and deployment of malware.
Interpol also warned of increasing online vaccine scams, claiming that cybercriminals are setting up illicit websites posing as legitimate organizations.
Some sites have even offered visitors pre-orders for vaccines against COVID-19, giving users the option to pay with Bitcoins or other online payment methods.