Messaging app users offered counterfeit NHS Covid Passes

Written by John Johnston on 16 August 2021 in News
News

Investigation by PoliticsHome finds Telegram anti-vaccine groups purporting to purvey fake digital and hard-copy certification

Credit: Piqsels

Counterfeit NHS vaccine certificates are being offered for sale through an encrypted messaging app.

Under the current system, anyone who has received both jabs in the UK can obtain an NHS Covid Pass through the NHS app – or a paper alternative – allowing them to prove their vaccination status when travelling. The system, can be also used to control access to events and venues in England, has prompted a backlash from anti-vaccination groups. 

Analysis by PublicTechnology sister publication PoliticsHome found multiple groups on the open-source messaging platform, with hundreds of thousands of subscribers, allegedly offering fraudulent Covid vaccine certificates for sale. One Telegram group claiming to sell the certificates had more than half a million subscribers. 

After posing as an interested buyer, fake Covid vaccine certificates were offered for £200-per-person by one administrator of the largest group identified. They claimed they had NHS staff willing to alter medical records to ensure the certificates could be used for work or international travel.

The group contacted has since been deleted. At least one further group we identified has also since been deleted. 


Related content


It was easily accessible by a Covid-related search on the encrypted messaging app. The group was filled with anti-vaccine messages and images claiming the public were "at war" with government institutions and offering a "big congratulations" to those who had refused to take the vaccines.

The administrator, who used only a first name, said in a private message that, in order to provide a vaccine certificate, they would require personal information, such as name, address and NHS number, and that it would take around 72 hours after payment to complete the process.

They also claimed that an individual purchasing the fraudulent certificates could list a preference for the dates of their first and second jabs, giving them access to special rules for those who had received both jabs, such as the reduced quarantine restrictions for vaccinated travellers.

"We will register your information under UK medical databases which shows you've been vaccinated as well as on the NHS system,” they said.

Posting in the group, the administrator claimed they had access to doctors “at the top of their game” who were able to provide “vaccine certificates, vaccine cards and vaccine passports” by accessing medical databases and altering patient records.

Pictures of paper vaccine cards and certificates from countries outside the UK, alongside a handwritten note with the administrator's own username, were published to the group to demonstrate they were in possession of the cards.

The group, which has over 500,000 subscribers, also posted images of supposed digital vaccine certificates provided to people who had paid the fee, with personal details redacted, but was unable when asked to provide any evidence the documents had legitimately been provided.

When asked to prove the scheme was not a scam to take money from people without providing them with vaccine certification, the administrator refused to provide the details of any doctors participating in the scheme, and said that payment could only be made through PayPal or Bitcoin, which provide limited protection against potential fraud.

Questioned about the risk of the money being stolen, the admin responded: "We don't go about screwing up people to make a living, you ain't obliged so it's fine."

Government response
Responding to the claims, the Department of Health and Social Care insisted the NHS Covid Pass system had “rigorous security features” to reduce the risk of fraud.

A spokesperson said: “The NHS Covid Pass is a safe, secure and free way for individuals to share their Covid-19 vaccination record – it includes rigorous security features to minimise the risk of fraud and help organisations authenticate the Covid Pass presented to them. The Covid Pass uses vaccination data available from the National Immunisation Database – it is free and no one applying for the pass will be asked to share any bank information or financial details.”

But the prevalence of highly subscribed Telegram groups appearing to offer fraudulent Covid certification raises further questions about efforts by the government to tackle online disinformation related to the pandemic.

In March last year, ministers stood up an anti-disinformation unit aimed at tackling Covid conspiracies online, claiming they were working with social media companies to clamp down on offenders.

Asked about the Telegram groups identified by PoliticsHome, a Cabinet Office spokesperson said: "Government continues to work closely with law enforcement and partners to tackle online scams, including Covid-related fraud."

When asked to provide a comment for publication, both the group administrator's account and the wider group were deleted from Telegram.

Telegram has been approached for comment.

 

About the author

John Johnston is a reporter for PublicTechnology sister publication PoliticsHome, where a version of this story first appeared. He tweets as @johnjohnstonmi.

 

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

App-based freedoms and the relentless battle for cybersecurity
3 September 2021

As our movements increasingly depend on using our smartphones to demonstrate status, we need to ensure technology is secure, according to Dr Sarah Morris, of Cranfield University.

Brexit: Home Office proceeds with work on platform to share policing alerts
26 October 2021

Multimillion-pound system is intended to mitigate the loss of access to pan-European SIS security database