Two accused of COVID-19 vaccine fraud under Computer Misuse Act

The UK's National Crime Agency (NCA) has taken its case against two Luton men further by charging them over the alleged distribution of fraudulent COVID-19 vaccination records.

Waqas Hanif, 26, who was arrested in January 2022, and Touqir Nasir, 29, who attended a voluntary interview in March 2022, are charged under the Computer Misuse Act and Fraud Act.

The pair allegedly created fake vaccine records and sold them via online marketplaces between June and October 2021. Investigators said nearly 2,000 records were distributed during that time, and £145,000 ($178,000) in cash was seized from a safety deposit box in Luton.

Acquiring fake COVID-19 vaccine records allowed the unvaccinated to bypass travel and health and safety restrictions mandating vaccinations.

"Receiving a vaccine is a matter of individual choice. However, abusing our healthcare system to facilitate unvaccinated individuals to bypass restrictions that are in place to protect the British public is illegal," said Paul Foster, deputy director at the NCA's National Cyber Crime Unit.

"Working closely with the NHS England Counter Fraud Team, this investigation has helped to secure the safety of our communities by preventing organized criminals from further undermining the national pandemic response and benefiting financially from the damaging service they provided."

Both men are due to appear in Luton Magistrates' Court today.

Other cases

The NCA highlighted that other players had profited from the type of fraudulent scheme it is accusing the suspects of. The agency suspects that legitimate healthcare professionals were recruited by organized crime groups (OCGs) to generate the fraudulent records, which were then sold illegally.

Various other arrests for vaccine fraud were made during the pandemic years in the UK, and the issue wasn't localized to the British Isles either. 

Nicholas Sciotto, 34, of Salt Lake City, was sentenced to 12 months in prison and to pay a $40,000 fine in October 2024 after he was found to have sold around 120,000 fake vaccine record cards, profiting by $400,000 in the process. He sold the cards on Facebook for $10 each, requiring a minimum of ten cards per order, plus $5 for shipping. 

In one scenario, Sciotto falsely presented himself to the owner of a print shop as a hospital volunteer who was authorized to print copies of vaccine cards.

Months earlier in July, 66-year-old Kathleen Breault of Cambridge, NY, pleaded guilty to allegations that she destroyed more than 2,600 COVID-19 vaccines and issued the same number of vaccine record cards to those who hadn't received the jab.

The midwife at Albany's Sage-Femme Midwifery PLLC agreed to pay $37,000 in restitution and was sentenced in December to three years on probation.

• RAC duo busted for stealing and selling crash victims' data
• UK activists targeted with Pegasus spyware ask police to charge NSO Group
• UK cops arrest teen suspect in MGM Resorts cyberattack probe
• Another RAC staffer nabbed for storing, sharing car crash data

Similar schemes equally pervaded Australia around the same time, and even former Brazil president Jair Bolsonaro was accused by police of using fraudulent vaccine records during his time in office.

The distribution of fake vaccine records was just one of the many schemes scammers whipped up to defraud vulnerable people during the pandemic.

Some, like David Chambers of South West London, who had a history of exploiting elderly people, pretended to administer a COVID-19 vaccine to a 92-year-old woman and charged her £140, which she paid. He was sentenced to three-and-a-half years in prison in August 2021.

Many phishing messages were themed along these lines too, prompting the UK government to issues various alerts, alongside Action Fraud, warning the public of such scams.

Some offered vaccines via SMS messages and calls in exchange for cash or financial details. In other scams, victims were contacted via the same channels and asked to either press a number on their keypad or respond to an SMS message, which would lead to a charge being applied to their account and their details collected for use again by fraudsters.

NHS web pages were also spoofed regularly, asking people to pay for vaccines they would never receive. No UK residents were charged to receive official vaccines by the NHS throughout the pandemic. ®