FEDERAL OFFICIALS WARN AGAINST GROWING THREAT OF COVID-19 FRAUD
Federal law enforcement officials have disrupted “hundreds of fraudulent websites” that were exploiting fears about coronavirus, including sites posing as government agencies running relief programs, as legitimate companies and even as the American Red Cross, according to a U.S. Justice Department announcement.
“As of April 21, 2020, the FBI's Internet Crime Complaint Center (IC3) has received and reviewed more than 3,600 complaints related to COVID-19 scams, many of which operated from websites that advertised fake vaccines and cures, operated fraudulent charity drives, delivered malware, or hosted various other types of scams.
“To attract traffic, these websites often utilized domain names that contained words such as “covid19,” or “coronavirus.” In some cases, the fraudulent sites purported to be run by, or affiliated with, public health organizations or agencies,” according to the announcement.
Of special concern, shortly after the IRS notified the public of web links to apply for the COVID-19 related stimulus payments, the FBI identified a number of look-alike IRS stimulus payment domains. The New York Times reports that people are already finding that their identities have been stolen and used to apply for the stimulus checks in their names, including one Oklahoma woman who told the paper she was scammed out of $3,400 in benefits owed to her, her husband and two children.
“I cried all day,” said Krystle Phelps, who is about a month away from being unable to pay her mortgage and has cut out everything but the basics, canceling cable and eliminating snacks for the kids. “It is a little relief, and then you find out it isn’t happening.”
The DOJ says multiple federal agencies are working to analyze the complaints, investigate ongoing fraud, phishing, or malware schemes, and assemble vetted referrals. Agencies have sent hundreds of these referrals to the private-sector companies managing or hosting the domains.
Many of those companies, in turn, have taken down the domains after concluding that they violated their abuse policies and terms of service, without requiring legal process. Domain registrars and registries have advised the department that they have established teams to review their domains for COVID-19 related fraud and malicious activity.
“The unfortunate fact is the only limitation here is the limitation on the creativity of these fraudsters to come up with ways to use the situation that we all find ourselves in to separate individuals, businesses and the government from lots of money,” said Brian Benczkowski, the assistant attorney general in charge of the criminal division.
A new study by Palo Alto Networks, a global cybersecurity firm, found that from February through March, there was a 569% growth in malicious domain registrations, including malware and phishing; and a 788% growth in “high-risk” registrations, including scams, unauthorized coin mining, and domains that have evidence of association with malicious URLs within the domain or utilization of bulletproof hosting. As of the end of March, the researchers identified 116,357 coronavirus-related newly registered domain names. Out of these, 2,022 are malicious and 40,261 are “high-risk”.
To help avoid being victimized by these cyber actors, the FBI is providing the following tips:
- Independently verify the identity of any company, charity, or individual that contacts you regarding COVID-19.
- Check the websites and email addresses offering information, products, or services related to COVID-19. Be aware that scammers often employ addresses that differ only slightly from those belonging to the entities they are impersonating. For example, they might use “cdc.com” or “cdc.org” instead of “cdc.gov.”
- Be wary of unsolicited emails offering information, supplies, or treatment for COVID-19 or requesting your personal information for medical purposes. Legitimate health authorities will not contact the public this way.
- Do not click on links or open email attachments from unknown or unverified sources. Doing so could download a virus onto your computer or device.
- Make sure the anti-malware and anti-virus software on your computer is operating and up to date. Keep your operating system up to date as well.
- Ignore offers for a COVID-19 vaccine, cure, or treatment. Remember, if a vaccine becomes available, you will not hear about it for the first time through an email, online ad, or unsolicited sales pitch.
- Check online reviews of any company offering COVID-19 products or supplies. Avoid companies whose customers have complained about not receiving items.
- Research any charities or crowdfunding sites soliciting donations in connection with COVID-19 before giving any donation. Remember, an organization may not be legitimate even if it uses words like “CDC” or “government” in its name or has reputable-looking seals or logos on its materials. For online resources on donating wisely, visit the Federal Trade Commission (FTC) website.
- Be wary of any business, charity, or individual requesting payments or donations in cash, by wire transfer, gift card, or through the mail. Do not send money through any of these channels.