The COVID-19 crisis has had at least one predictable result: phishing artists are working overtime to victimize frightened people.
Consider these items from the past several days:
- Scam artists are offering COVID-19 test kits and other items by email.
- There has been a 738% increase in the number of COVID-19-related terms on dark web sources, according to the
cyber security company Digital Shadows.
- Mimecast’s Intel team has spotted over 300 examples of a credential-stealing scam that uses a faked OneDrive login.
- The FTC and
FCC have warned consumers to beware of emails pretending to be from the Centers for Disease Control and Prevention (CDC).
And, on Saturday, the U.S. Justice Department announced its
first COVID-19 fraud action: against a defendant it identified as “coronavirusmedicalkit.com.”
The U.S. District Court for the Western District of Texas has issued a temporary
restraining order against the outfit pending a hearing on a request for a preliminary injunction. Given the need to shelter in place, that could take months.
The complaint alleges that this
website features a photo of Dr. Anthony Fauci, who is director of the National Institute of Allergy and Infectious Diseases, and states: “Due to the recent outbreak for the
Coronavirus (COVID-19) the World Health Organization is giving away vaccine kits. Just pay $4.95 for shipping.”
Most people have had it drummed into their heads that test kits are hard
to come by. But naïve parties who click on a link on this site are brought to a page showing the FedEx logo. There they are urged to provide credit card and billing information, the complaint
says.
The complaint also alleges that “NameCheap, Inc. plays a critical role in the scheme by serving as the domain registrar of the website, which allows potential victims to access the
website. “
NameCheap CEO Richard Kirkendall responds that the firm is "actively working with authorities to both proactively prevent, and take down any fraudulent or abusive domains or
websites related to COVID19 or the Coronavirus. These actions also include banning such terms from our available domain name search tool to prevent them from being registered going
forward.”
Of course, the courts may be moving slowly at this moment.
Regardless of the merits of this case, people should know better than to click on suspicious
links. That goes double for people working at home who presumably have received training in cyber security.
For those who haven’t, the DOJ recommends that they:
- Independently verify the identity of any company, charity, or individual that contacts them regarding COVID-19.
- Check the websites and email addresses offering information, products, or
services related to COVID-19.
- Ignore offers for a COVID-19 vaccine, cure, or treatment.
- Beware of email domains like “cdc.com” or “cdc.org” instead of
“cdc.gov,” that that impersonate legitimate addresses.