ARLINGTON, Va. — A team of agents from the Department of Homeland Security was combing thousands of websites scouting for evidence of the next phase of fraud schemes: offers of treatments or vaccines for the coronavirus.
One of those agents, in Jacksonville, Fla., spotted a lead on what looked like a website for Moderna, just days before the company entered the final stages of authorization by the Food and Drug Administration for emergency use of its version of the vaccine. But the website listed the wrong phone number for the company and misspelled Moderna in its web address.
The agent quickly established that the site was not owned by Moderna at all.
Given the intense global demand for protection from Covid-19, it is perhaps not surprising that law enforcement authorities are already uncovering fake sites looking to cash in on the desperate search for alternative ways to obtain a vaccine for a disease that has ravaged the world.
That work from the team of agents from the Department of Homeland Security helped secure the latest takedown of a website posted by fraudsters looking to steal personal information under the guise of offering treatments for the coronavirus — and one of the first online schemes to use the name of a company approved by the United States to distribute the vaccine.
Investigators on Friday shut down the website claiming to belong to Moderna but was rather a trap set up to steal personal information and potentially deploy malware, according to a statement issued by the U.S. attorney for the District of Maryland.
The team from Homeland Security Investigations, a division of Immigration and Customs Enforcement, was brought together last spring to combat online fraud that has become pervasive during the pandemic.
The efforts were first focused on fraudulent personal protective gear during widespread shortages for the needed supplies. Now the ICE mission, “Operation Stolen Promise,” has turned to fraudsters claiming to sell the vaccine, deploying special agents trained in searching the dark web to work with private health care companies in shutting down the websites.
The efforts by the investigations unit — which is working in coordination with the F.B.I., the Justice Department and Customs and Border Protection — come as the international organization Interpol warned this month that organized crime networks were looking to take advantage of the high demand for the vaccine, calling it “liquid gold.”
“You have an elderly percentage of the population that’s very concerned about getting the right products and vaccines and P.P.E., and they’re not as internet savvy so they’re more likely to fall victim to these schemes,” said Matthew Swenson, the investigation unit’s network intrusion chief for its cybercrimes center. “If you could create a perfect environment for cyberfraud, this would be it.”
Homeland security officials said there was no evidence yet of criminal groups disrupting the supply chain with actual fake vaccines. But the department told customs officers at the border to be on high alert, advising them on the appearance of approved treatments and products and directing the agents to report back to the team any import that might look suspicious.
“We don’t want to really discourage the American public from accepting vaccinations,” said Steve K. Francis, the director of Homeland Security Investigations’s Intellectual Property Rights Coordination Center. “It’s a completely secure supply chain at this point.”
Table Of Contents
Covid-19 Vaccines ›
Answers to Your Vaccine Questions
With distribution of a coronavirus vaccine beginning in the U.S., here are answers to some questions you may be wondering about:
-
- If I live in the U.S., when can I get the vaccine? While the exact order of vaccine recipients may vary by state, most will likely put medical workers and residents of long-term care facilities first. If you want to understand how this decision is getting made, this article will help.
- When can I return to normal life after being vaccinated? Life will return to normal only when society as a whole gains enough protection against the coronavirus. Once countries authorize a vaccine, they’ll only be able to vaccinate a few percent of their citizens at most in the first couple months. The unvaccinated majority will still remain vulnerable to getting infected. A growing number of coronavirus vaccines are showing robust protection against becoming sick. But it’s also possible for people to spread the virus without even knowing they’re infected because they experience only mild symptoms or none at all. Scientists don’t yet know if the vaccines also block the transmission of the coronavirus. So for the time being, even vaccinated people will need to wear masks, avoid indoor crowds, and so on. Once enough people get vaccinated, it will become very difficult for the coronavirus to find vulnerable people to infect. Depending on how quickly we as a society achieve that goal, life might start approaching something like normal by the fall 2021.
- If I’ve been vaccinated, do I still need to wear a mask? Yes, but not forever. Here’s why. The coronavirus vaccines are injected deep into the muscles and stimulate the immune system to produce antibodies. This appears to be enough protection to keep the vaccinated person from getting ill. But what’s not clear is whether it’s possible for the virus to bloom in the nose — and be sneezed or breathed out to infect others — even as antibodies elsewhere in the body have mobilized to prevent the vaccinated person from getting sick. The vaccine clinical trials were designed to determine whether vaccinated people are protected from illness — not to find out whether they could still spread the coronavirus. Based on studies of flu vaccine and even patients infected with Covid-19, researchers have reason to be hopeful that vaccinated people won’t spread the virus, but more research is needed. In the meantime, everyone — even vaccinated people — will need to think of themselves as possible silent spreaders and keep wearing a mask. Read more here.
- Will it hurt? What are the side effects? The Pfizer and BioNTech vaccine is delivered as a shot in the arm, like other typical vaccines. The injection into your arm won’t feel different than any other vaccine, but the rate of short-lived side effects does appear higher than a flu shot. Tens of thousands of people have already received the vaccines, and none of them have reported any serious health problems. The side effects, which can resemble the symptoms of Covid-19, last about a day and appear more likely after the second dose. Early reports from vaccine trials suggest some people might need to take a day off from work because they feel lousy after receiving the second dose. In the Pfizer study, about half developed fatigue. Other side effects occurred in at least 25 to 33 percent of patients, sometimes more, including headaches, chills and muscle pain. While these experiences aren’t pleasant, they are a good sign that your own immune system is mounting a potent response to the vaccine that will provide long-lasting immunity.
- Will mRNA vaccines change my genes? No. The vaccines from Moderna and Pfizer use a genetic molecule to prime the immune system. That molecule, known as mRNA, is eventually destroyed by the body. The mRNA is packaged in an oily bubble that can fuse to a cell, allowing the molecule to slip in. The cell uses the mRNA to make proteins from the coronavirus, which can stimulate the immune system. At any moment, each of our cells may contain hundreds of thousands of mRNA molecules, which they produce in order to make proteins of their own. Once those proteins are made, our cells then shred the mRNA with special enzymes. The mRNA molecules our cells make can only survive a matter of minutes. The mRNA in vaccines is engineered to withstand the cell’s enzymes a bit longer, so that the cells can make extra virus proteins and prompt a stronger immune response. But the mRNA can only last for a few days at most before they are destroyed.
But special agents have been pulled in to search the dark web for those claiming to sell fake vaccines on the black market. And as vaccine distribution continues in the weeks ahead, homeland security officials are anticipating that Americans will look for alternative ways to obtain a vaccine, presenting an ample opportunity for criminals who have already taken advantage of a competitive market and widespread shortages of medical equipment.
ICE, best known for its division that deports unauthorized immigrants, has investigated more than 500 cases involving counterfeit protective gear, test kits, medications or websites offering illegal vaccines and treatments. The agency conducted another nearly 240 investigations into loan fraud when online fraudsters shifted this summer to schemes claiming to issue pandemic unemployment assistance.
The work of the operation has resulted in more than 180 arrests and in the seizure of more than $27 million in illicit profits. Most of those efforts have been focused on personal protective equipment, but about two months ago, Mr. Francis called together companies that were expected to develop the vaccine to prepare for the next stage of fraud.
Mr. Francis’ team uses different methods. The agents will message a seller on the dark web, asking questions about medical gear or a treatment to gain intelligence and help build a case.
But most of the online fraudsters are setting up on traditional websites, seeking customers who want to be safe from the coronavirus.
The Justice Department blocked one of the first such websites in March when investigators discovered a site that claimed to offer World Health Organization vaccine kits in exchange for entered credit card information to pay for the costs of shipping. In July, the homeland security agents helped shut down a website offering to register users for a coronavirus vaccine that did not yet exist in exchange for $100 of Bitcoin.
And on Friday, investigators shut down websites pretending to belong to an actual biotechnology company: Moderna. The investigation into the site began after the company’s corporate security team flagged it to the homeland security team.
Such referrals happen often. But Mr. Francis’ team also has a filtering system in which agents punch in keywords, like “vaccine” or “hydroxychloroquine,” and the tool will flag hundreds of websites that require further analysis.
The team of 12 analysts will then inspect the sites to spot an error, typo or irregularity. Besides the two errors on the fake Moderna site, the display nearly mirrored the company’s actual site.
But the agents will also look up what date the online domain was established. They found that the domain name for the fake Moderna site was registered on Dec. 8.
“That’s another red flag for cyberfraud,” Mr. Swenson said as he explored the web from the property rights coordination center. “If it doesn’t have a presence on the internet, that’s usually a dead giveaway.”
The agents will confirm with the pharmaceutical companies and other stakeholders, like the World Health Organization, that the sites are fake. ICE will then perform a “sink hole,” in which the agency can use a court order to shut down the website and replace it with a page displaying a law enforcement warning for online users.
“Moderna would refrain from commenting on ongoing security matters and precautions,” said Ray Jordan, a spokesman for the company. “But we would say we are grateful for the collaboration with the U.S. government in the process of developing our Covid-19 vaccine candidate, from the perspectives of career scientists as well as logistics and security experts.”
It is not a perfect science.
If someone hosts their website through a company in a foreign country with a fractured relationship with American law enforcement, there may be nothing the analysts, even with a court order, can do.
“The criminals aren’t just buying them one at a time, two at a time,” Mr. Swenson said, referring to website domains. “They’re buying them in groups of 50 or 100. We take down 100 and they go buy 50 or 100 more. It makes it very difficult to stay ahead of the game.”