Messaging app users offered counterfeit NHS Covid Passes
Investigation by PoliticsHome finds Telegram anti-vaccine groups purporting to purvey fake digital and hard-copy certification
Counterfeit NHS vaccine certificates are being offered for sale through an encrypted messaging app.
Under the current system, anyone who has received both jabs in the UK can obtain an NHS Covid Pass through the NHS app – or a paper alternative – allowing them to prove their vaccination status when travelling. The system, can be also used to control access to events and venues in England, has prompted a backlash from anti-vaccination groups.
Analysis by PublicTechnology sister publication PoliticsHome found multiple groups on the open-source messaging platform, with hundreds of thousands of subscribers, allegedly offering fraudulent Covid vaccine certificates for sale. One Telegram group claiming to sell the certificates had more than half a million subscribers.
After posing as an interested buyer, fake Covid vaccine certificates were offered for £200-per-person by one administrator of the largest group identified. They claimed they had NHS staff willing to alter medical records to ensure the certificates could be used for work or international travel.
The group contacted has since been deleted. At least one further group we identified has also since been deleted.
It was easily accessible by a Covid-related search on the encrypted messaging app. The group was filled with anti-vaccine messages and images claiming the public were "at war" with government institutions and offering a "big congratulations" to those who had refused to take the vaccines.
The administrator, who used only a first name, said in a private message that, in order to provide a vaccine certificate, they would require personal information, such as name, address and NHS number, and that it would take around 72 hours after payment to complete the process.
They also claimed that an individual purchasing the fraudulent certificates could list a preference for the dates of their first and second jabs, giving them access to special rules for those who had received both jabs, such as the reduced quarantine restrictions for vaccinated travellers.
"We will register your information under UK medical databases which shows you've been vaccinated as well as on the NHS system,” they said.
Posting in the group, the administrator claimed they had access to doctors “at the top of their game” who were able to provide “vaccine certificates, vaccine cards and vaccine passports” by accessing medical databases and altering patient records.
Pictures of paper vaccine cards and certificates from countries outside the UK, alongside a handwritten note with the administrator's own username, were published to the group to demonstrate they were in possession of the cards.
The group, which has over 500,000 subscribers, also posted images of supposed digital vaccine certificates provided to people who had paid the fee, with personal details redacted, but was unable when asked to provide any evidence the documents had legitimately been provided.
When asked to prove the scheme was not a scam to take money from people without providing them with vaccine certification, the administrator refused to provide the details of any doctors participating in the scheme, and said that payment could only be made through PayPal or Bitcoin, which provide limited protection against potential fraud.
Questioned about the risk of the money being stolen, the admin responded: "We don't go about screwing up people to make a living, you ain't obliged so it's fine."
Responding to the claims, the Department of Health and Social Care insisted the NHS Covid Pass system had “rigorous security features” to reduce the risk of fraud.
A spokesperson said: “The NHS Covid Pass is a safe, secure and free way for individuals to share their Covid-19 vaccination record – it includes rigorous security features to minimise the risk of fraud and help organisations authenticate the Covid Pass presented to them. The Covid Pass uses vaccination data available from the National Immunisation Database – it is free and no one applying for the pass will be asked to share any bank information or financial details.”
But the prevalence of highly subscribed Telegram groups appearing to offer fraudulent Covid certification raises further questions about efforts by the government to tackle online disinformation related to the pandemic.
In March last year, ministers stood up an anti-disinformation unit aimed at tackling Covid conspiracies online, claiming they were working with social media companies to clamp down on offenders.
Asked about the Telegram groups identified by PoliticsHome, a Cabinet Office spokesperson said: "Government continues to work closely with law enforcement and partners to tackle online scams, including Covid-related fraud."
When asked to provide a comment for publication, both the group administrator's account and the wider group were deleted from Telegram.
Telegram has been approached for comment.
Department spared £10m fine despite ‘serious breach of the law’
Personal details of civil servant and supplier exposed by inadequately redacted document, discovered by PublicTechnology
Move to introduce code of practice for the likes of facial recognition and fingerprints is believed to be a world first
Regulator says that, while the original £500k penalty was proportionate, the reduced punishment signals changing approach to public sector