Initiative against malicious COVID-19 registrations


    - by David Goldstein -

    With criminals taking advantage of the current COVID-19 pandemic around the world, authorities are working in various ways to combat them, particularly online. Two examples are the New York Attorney General and the Spanish National Police, who have been working to thwart malicious domain name registrations involving the current pandemic.

    Prosecution works with registrars

    The New York Attorney General, Letitia James, is working with some of the major American domain name registrars in an effort to stop the registration and use of domain names by criminals trying to unlawfully and fraudulently profit off consumers’ fears around the coronavirus COVID-19. So far this year, the Office of the Attorney General has seen a spike in coronavirus-related domains being registered for the purposes of deceptive advertising, phishing schemes and malware dissemination.

    “In this time of uncertainty, it’s more important than ever that we remain cautious when it comes to companies and individuals selling coronavirus-related products and services over the internet,” said Attorney General James. “These scam sites are not only stoking fear in the hearts and minds of Americans, but are profiting off their appalling deception. We need all consumers to remain vigilant, as my office continues to work diligently to take down these websites and ensure scammers, cons and cheats are held responsible for their unlawful actions. I encourage any individual with information related to these scam sites to report them to my office immediately.”

    COVID-19 Domains on the rise

    Since COVID-19 initially began to spread in January, the OAG has discovered that cybercriminals have been registering a significant number of domain names related to “coronavirus” and using those domains to conduct phishing campaigns and other attacks. One independent study found that three percent of domains registered since January mentioning coronavirus have been found to be actively malicious, with an additional five percent categorised as suspicious. These sites have not only marketed fake “treatments” and “vaccines,” but have also potentially created fake “charities” and even coronavirus-related investment opportunities for individuals to invest their money in.

    Spanish National Police monitors domains

    In Spain, the National Police monitored 415,973 domain names related to COVID-19 from the beginning of the year to early April with the aim of finding possible indications of illegal activity. During this process, they found 120,353 domain names suspected of being used for illegal activities, or with the potential to be used that way in a very short time.

    The National Police (Policía Nacional) then undertook a more thorough analysis of the domains themselves, as well as of the web pages and servers to which each of them pointed. This resulted in finding 45,773 domains that were being used for criminal activities. The news release from the National Police doesn’t indicate whether they are only focussed on domain names under Spain’s ccTLD .es or a wider search.

    The Central Cybercrime Unit of the National Police (Unidad Central de Ciberdelincuencia de la Policía Nacional) has requested, obtained and verified the blocking of all of the domains and, at the moment, continues its monitoring work in case the block of any of these websites is lifted, even though this possibility is considered unlikely. For the remaining 74,580 domains with indications they may be activated in the future to commit cybercrime-related activities, monitoring is continuing in case they are activated, and if so they will be blocked if it’s warranted.

    This is how just two jurisdictions are working to combat the cybercriminal scourge, using two different methods. Undoubtedly many other jurisdictions, state/provincial and national, are working to combat the cybercriminals taking advantage of internet users.