Group-IB helps Italian officials take down scammers selling COVID-19 docs via Telegram

Just days after the Italian government announced that it would tighten restrictions linked to its COVID-19 health pass, Italian police announced that they had broken up a criminal gang selling hundreds of fake passes and certificates via Telegram.

The cybercrime prosecutor’s office in Milan said in a statement that it had worked with Group-IB, a cyber security firm, to identify a handful people they believe acted as administrators in at least 35 different Telegram channels peddling what they claimed were “authentic Green Passes with QR codes.”

A Green Pass, first introduced in Israel, is a paper document or app that proves the holder has been fully vaccinated or has recovered from COVID. Last summer, Italy began to require the broad use of the Green Pass as part of its effort to fight the virus. People who want access to restaurants, museums, gyms, and high-speed trains are now required to show proof of vaccination, a negative rapid swab test, or recent recovery from the virus. In October, Italy became the first major European country to require the Green Pass for all workers, private and public.

According to Group-IB, the Green Pass scammers claimed that they had secured authentic passes from health care workers and would pass them to buyers who wanted to appear to be following COVID protocols. All buyers had to do was create a secret chat on Telegram and then provide personal information — their names, date of birth, city of residence and tax code identifiers — which the scammers said would be inserted in the QR code of their passes.

The gang offered customers a variety of payment methods from Bitcoin and Ethereum to PayPal money transfers and Amazon gift cards. Once the scammers received all that information and payment, they just deleted the chats and disappeared or, in some cases, provided a fake QR code.

According to Group-IB, the Telegram channels selling the passes had some 100,000 users and the average price for fake health pass was about $130. Neither the police nor Group-IB said how many passes were actually sold or how many people were rounded up as part of the scheme. Italian police would only say they had tracked down suspects in Veneto, Liguria, Apulia, and Sicily and they had confessed. Police said the investigation was ongoing.

News of the takedown comes just days after Italy announced tough new rules for the unvaccinated. Italy plans to introduce a so-called Super Green Pass, a “reinforced” version of the certificate that proves the holder has been vaccinated, recovered from the virus within the last six months or tested negative in the last couple of days.

Italian Prime Minister Mario Draghi announced the new measures and he said the COVID situation in Italy is “under control, we are in the best situation in Europe thanks to the vaccination campaign” which, he said, had been a “remarkable success.”

Dina Temple-Raston

Dina Temple-Raston is the host and executive producer of the Click Here podcast as well as a senior correspondent at The Record. She previously served on NPR’s Investigations team focusing on breaking news stories and national security, technology, and social justice and hosted and created the award-winning Audible Podcast “What Were You Thinking.” She was a longtime foreign correspondent for Bloomberg News in China and served as Bloomberg’s White House correspondent during the Clinton Administration. She is the author of four books, including “The Jihad Next Door: Rough Justice in the Age of Terror,” and “A Death in Texas: A Story of Race, Murder and a Small Town’s Struggle for Redemption.”

Recent Posts

Chinese cyber agency signals support for tech industry

CAC officials set a conciliatory tone towards tech Friday, but are still supervising rides-hailing giant’s…

1 hour ago

Apple releases emergency patch for two iPhone, Mac zero-day vulnerabilities being exploited

Apple said hackers are actively exploiting two zero-day vulnerabilities in iPhones, iPads and Macs. In…

2 hours ago

Google says it stopped the largest DDoS attack ever recorded in June

One of Google’s customers was targeted with the largest distributed denial of service (DDoS) attack…

2 hours ago

European Commission’s Despina Spanou on why cyber officials must ‘learn lessons from crises’

When it comes to privacy and cybersecurity regulations, the European Union often sets the standards…

4 hours ago

Cyber insurers weigh in on latest cybersecurity trends, threats

The numbers speak for themselves: more companies are opting in for cyber insurance coverage than…

1 day ago

TikTok asks House of Representatives to rescind cyber advisory about company

Short-form video giant TikTok refuted claims made by the Chief Administrative Officer (CAO) of the…

1 day ago