• by Ray Schultz , Columnist, March 23, 2020

The COVID-19 crisis has had at least one predictable result: phishing artists are working overtime to victimize frightened people.

Consider these items from the past several days:

• Scam artists are offering COVID-19 test kits and other items by email. 
• There has been a 738% increase in the number of COVID-19-related terms on dark web sources, according to the cyber security company Digital Shadows.
• Mimecast’s Intel team has spotted over 300 examples of a credential-stealing scam that uses a faked OneDrive login. 
• The FTC and FCC have warned consumers to beware of emails pretending to be from the Centers for Disease Control and Prevention (CDC).

And, on Saturday, the U.S. Justice Department announced its first COVID-19 fraud action: against a defendant it identified as “coronavirusmedicalkit.com.”

The U.S. District Court for the Western District of Texas has issued a temporary restraining order against the outfit pending a hearing on a request for a preliminary injunction. Given the need to shelter in place, that could take months.

The complaint alleges that this website features a photo of Dr. Anthony Fauci, who is director of the National Institute of Allergy and Infectious Diseases, and states: “Due to the recent outbreak for the Coronavirus (COVID-19) the World Health Organization is giving away vaccine kits. Just pay $4.95 for shipping.”

Most people have had it drummed into their heads that test kits are hard to come by. But naïve parties who click on a link on this site are brought to a page showing the FedEx logo. There they are urged to provide credit card and billing information, the complaint says.

The complaint also alleges that “NameCheap, Inc. plays a critical role in the scheme by serving as the domain registrar of the website, which allows potential victims to access the website. “

NameCheap CEO Richard Kirkendall responds that the firm is "actively working with authorities to both proactively prevent, and take down any fraudulent or abusive domains or websites related to COVID19 or the Coronavirus. These actions also include banning such terms from our available domain name search tool to prevent them from being registered going forward.”  

Of course, the courts may be moving slowly at this moment.

Regardless of the merits of this case, people should know better than to click on suspicious links. That goes double for people working at home who presumably have received training in cyber security.

For those who haven’t, the DOJ recommends that they:

• Independently verify the identity of any company, charity, or individual that contacts them regarding COVID-19.
• Check the websites and email addresses offering information, products, or services related to COVID-19.
• Ignore offers for a COVID-19 vaccine, cure, or treatment.
• Beware of email domains like “cdc.com” or “cdc.org” instead of “cdc.gov,” that  that impersonate legitimate addresses.