The negative Covid-19 test result, purportedly from a company called Tri-Alta Laboratory Corp., would look real enough to most eyes. It even has a disclaimer at the bottom cautioning that a negative test doesn’t rule out infection.
But the document, which was obtained by its user on the dark web, is actually a fraud, though that user says it “worked like a charm” during a September trip to Puerto Rico.
The user even tells people how to get their own fake Covid-19 test documents.
As negative Covid-19 results have increasingly become a requirement for international and even domestic travel around the world, fraudulent test documents like these have become a growing concern. Arrests have been made for counterfeit Covid-19 test documents in France, Brazil, the U.K. and elsewhere.
A fake Covid-19 test result. Fraudulent documents like this, as well as phony vaccination documents, are cropping up on the dark web. Photo Credit: Courtesy of Forter/Daniel Shkedi
Now, with Covid-19 vaccination underway, fake vaccination documents have also begun to emerge.
In one exchange on the dark web this month, for example, an individual who asked for fake vaccination papers was quickly provided with a template of the CDC’s Covid-19 Vaccination Record Card, which could then be easily filled in.
“The number of fake Covid-19 tests and eventually vaccine results if they are not digitized is a huge area of concern, not only for us but for governments and consumers alike,” said Nick Careen, senior vice president for the airport, passenger, cargo and security division at IATA. “We are aware of a numerous amount of counterfeit test results, which have cropped up over the last number of weeks in several countries around the world.”
If such fraud becomes prolific enough, IATA worries that it could weigh on governments when they begin considering border reopenings. In order to reopen, the trade group said in a recent statement, governments “need to be confident that they are mitigating the risk of importing Covid-19 and have confidence in a passenger’s verified Covid-19 status.”
It’s impossible to quantify how much testing result and vaccine certificate fraud is already taking place.
Daniel Shkedi, who regularly combs the dark web as part of his duties as senior product marketing manager for the e-commerce fraud prevention company Forter, said that such fraud is noticeable online but not yet prolific.
“I haven’t seen marketplaces flooded with templates and stuff like that, but when I drill down in the forum, folks are talking about it,” said Shkedi, who provided the examples cited in this article. “It is part of the conversation for sure. As we move on and travel starts to pick up, we’re going to see more of this.”
The primary solution that has been proposed to fight such fraud is the use of digital health passports, on which both testing results and vaccination certificates can be securely uploaded from verified testing centers or vaccination authorities and then linked digitally to a traveler’s identity.
Moving vaccination documentation away from easily manipulated paper records is another essential step, IATA said.
IATA isn’t a disinterested party when it comes to pushing for health passports. Its own Travel Pass, an app to confirm a passenger’s health-related status, is under development and will become available for download on March 1 as it is deployed by Emirates and Etihad. The airline trade group said its goal in developing the solution is to reopen travel rather than to make money off it directly.
Other health passport developers also stress the peril caused by fraudulent test and vaccination documents to the reopening of travel markets.
“It poses a threat to airlines and international borders with the potential for a passenger carrying a fake Covid test certificate or vaccination card — who may be asymptomatic — to board an aircraft and infect other passengers,” the British tech company VSTE, developer of the V-Health Passport, said in a recent press release.
Shkedi, though, cautioned that no solution will be foolproof.
“The challenge with cybersecurity and new verification systems is, eventually, they’re all going to get breached,” he said.