27 November 2021

Pass to nowhere: Group-IB assists Italian law enforcement in identification of fraudsters selling fake Green Passes

Group-IB, one of the global cybersecurity leaders, has assisted Guardia di Finanza (GdF), the Italian law enforcement agency responsible for dealing with financial crime, in the probe into activities of the criminal organization which trafficked fake Green Passes — documents issued for vaccinated Italian citizens and those tested negative or recently recovered from COVID-19 — via Telegram messenger. As a result of the No-Vax Free operation, several suspected administrators of the Telegram channels were searched in Veneto, Liguria, Apulia, and Sicily. The suspects admitted the offence.


The fraudulent activity came into the spotlight of Guardia di Finanza in mid-July, after which it involved Group-IB’s Amsterdam-based hi-tech crime investigation department. Group-IB analysts managed to confirm the existence of at least 35 Telegram channels offering for sale fake Green Passes, with their total audience amounting to about 100,000 users, and carried out a research to help reveal suspected perpetrators’ identities. The buyers were promised «authentic Green Passes with QR codes» — the proof of vaccination, a negative test or recovery from the COVID-19. The sellers claimed it was possible thanks to the complicity of health workers. In reality, they were nothing but fake.

With the support of Group-IB, the GdF provided a complete report to the Milan Public Prosecutor’s Office, after which it embarked on a law enforcement action that led to several searches on Italian citizens in the provinces of Veneto, Liguria, Apulia, and Sicily. The suspects confessed to managing a network of the Telegram channels. As a result of the cooperative effort, the number of active Telegram channels dropped. The law enforcement action is still ongoing as new channels tend to appear again.

We urge the Italians not to use these phony illegal services as they not only lose their money, but they submit their sensitive personal data to criminals and put themselves at a greater risk of follow up scams. I thank Group-IB’s team for supporting the GdF investigation to unmask this criminal organization.

Gian Luca Berruti

Gian Luca Berruti

Colonel, Guardia di Finanza

According to Group-IB Digital Risk Protection (DRP) analysts, the average price for fake Green Passes sits at €100 and depends on its form — either digital or printed. The fraudsters offer their customers various payment methods, including cryptocurrency payments (Bitcoin, Ethereum), PayPal money transfer or voucher payments, like Amazon gift cards.

An example of Telegram post offering for sale fake Green Pass

An example of Telegram post offering for sale fake Green Pass

To get a Green Pass, the potential customer is asked to create a secret chat on Telegram with the seller — by doing so, threat actors hoped to protect themselves against potential disclosure. The customer is then asked to reveal their personal info that is allegedly contained in the QR code — their first and last name, date of birth, city of residence, and tax code identifier. In some cases, sellers also ask the purchaser to share photos of their health card, identification documents, and their home address to allegedly send them the printed certificate. After receiving the personal information of the buyer and the payment, threat actors either delete the chat and disappear, or send back a fake QR code.

An example of Telegram post offering for sale fake Green Pass

Photos of digital and printed Green Passes provided by sellers to their buyers

Italy is one of the core elements of our global threat hunting and research ecosystem. Thanks to our growing knowledge about local specific threats we were able to help the GdF to unmask the administrators of the Telegram channel and assisted in collection of digital evidence. Prompt and effective collaboration with the GdF and Milan Public Prosecutor’s Office made possible unveiling the perpetrators, which resonates with our commitment to fighting cybercrime of any origin.

Anton Ushakov

Anton Ushakov

Deputy Head of the Group-IB’s High-Tech Crime Investigation Department, Europe

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (earlier known as TDS) intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is a partner of Europol.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605

Thank you for filling out the form! We will get back to you shortly.
Cookies

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

 
Report an incident