In a press release issued April 22, 2020, federal authorities announced that an ongoing cooperative effort between law enforcement and a number of private-sector companies, including multiple internet domain providers and registrars, disrupted hundreds of internet domains used to exploit the COVID-19 pandemic to commit fraud and other crimes.
As of April 21, 2020, the FBI’s Internet Crime Complaint Center (IC3) received and reviewed more than 3,600 complaints related to COVID-19 scams, many of which operated from websites that advertised fake vaccines and cures, operated fraudulent charity drives, delivered malware, or hosted various other types of scams. To attract traffic, these websites often used domain names that contained words such as “covid19,” or “coronavirus.” In some cases, the fraudulent sites purported to be run by, or affiliated with, public health organizations or agencies.
The press release provided the following examples of activities disrupted by the cooperative effort:
- An illicit website pretending to solicit and collect donations to the American Red Cross for COVID-19 relief efforts.
- Fraudulent websites that spoofed government programs and organizations to trick American citizens into entering personally identifiable information, including banking details.
- Websites of legitimate companies and services that were used to facilitate the distribution or control of malicious software.
According to the press release, multiple federal agencies worked to analyze the complaints, investigate ongoing fraud, phishing, or malware schemes, and assemble vetted referrals. Agencies sent hundreds of these referrals to the private-sector companies managing or hosting the domains. Many of those companies, in turn, have taken down the domains after concluding that they violated their abuse policies and terms of service, without requiring legal process. Domain registrars and registries advised the department that they have established teams to review their domains for COVID-19 related fraud and malicious activity. Cybersecurity researchers have also made important contributions by developing sophisticated tools to identify malicious domains and refer them for mitigation. Law enforcement is actively reviewing leads, including those referred by private firms, to verify unlawful activity and quickly pursue methods for disruption.
The press release also noted that shortly after the IRS notified the public of web links to apply for the COVID-19 related stimulus payments, the FBI identified a number of look-alike IRS stimulus payment domains. These look-alike domains are often indicative of future phishing schemes and in order to minimize the potentialfraudulent use of these domains, the FBI alerted numerous domain registries and registrars to the existence of these look-alike URLs.
The DOJ made it clear that it will continue to collaborate with law enforcement and private sector partners to combat online COVID-19 related crime. The DOJ is also working to provide COVID-19 related training and technical assistance in other countries through the International Computer Hacking and Intellectual Property (ICHIP) program. In one Justice Department-supported action, a state prosecutor in Brazil took down a fake site purporting to belong to a leading Brazilian brewery. The website publicized the distribution of free sanitizer, but in fact was infecting the computer systems of numerous Brazilian consumers with malware. The ICHIP-mentored prosecutor further requested that the site’s U.S.-based registrar suspend it and preserve any account and transactional data linked to the site. The investigation is ongoing, and the ICHIP continues to mentor the prosecutor remotely on this case and on best practices for engaging with U.S. registrars and providers. Similar activities are planned in other regions with ICHIP attorneys.
The DOJ provides the following tips to help protect individuals and businesses from being victimized by cyber actors:
- Independently verify the identity of any company, charity, or individual that contacts you regarding COVID-19.
- Check the websites and email addresses offering information, products, or services related to COVID-19. Be aware that scammers often use addresses that differ only slightly from those belonging to the entities they are impersonating. For example, they might use “cdc.com” or “cdc.org” instead of “cdc.gov.”
- Be wary of unsolicited emails offering information, supplies, or treatment for COVID-19 or requesting your personal information for medical purposes. Legitimate health authorities will not contact the public this way.
- Do not click on links or open email attachments from unknown or unverified sources. Doing so could download a virus onto your computer or device.
- Make sure the anti-malware and anti-virus software on your computer is operating and up-to-date. Keep your operating system updated as well.
- Ignore offers for a COVID-19 vaccine, cure, or treatment. Remember, if a vaccine becomes available, you will not hear about it for the first time through an email, online ad, or unsolicited sales pitch.
- Check online reviews of any company offering COVID-19 products or supplies. Avoid companies whose customers have complained about not receiving items.
- Research any charities or crowdfunding sites soliciting donations in connection with COVID-19 before giving any donation. Remember, an organization may not be legitimate even if it uses words like “CDC” or “government” in its name or has reputable looking seals or logos on its materials. For online resources on donating wisely, visit the Federal Trade Commission (FTC) website.
- Be wary of any business, charity, or individual requesting payments or donations in cash, by wire transfer, gift card, or through the mail. Do not send money through any of these channels.
If you think you are a victim of a fraud or attempted fraud involving COVID-19, call the National Center for Disaster Fraud Hotline at 1-866-720-5721 or email at firstname.lastname@example.org. If it is a cyber scam, submit your complaint through https://www.ic3.gov.
To find more about Department of Justice resources and information, visit www.justice.gov/coronavirus.