COVID-19 Spurs Malicious Websites
Since the outbreak of SARS-COV II, fraudulent, malicious websites, and scams related to the COVID-19 pandemic are flourishing on the internet. Ill-intentioned actors are taking advantage of the global nature of communications.
Real-time information about the virus spiked quickly at the beginning of the pandemic and has continued at a steady pace, as illustrated by the following graph of COVID-19 related queries on search engines.
Aside from the legitimate communication, malicious individuals are also stepping into the breach to maximize their profits.
We are facing a second wave of the pandemic and organized crime is not missing the opportunity“, said the Executive director of the European police agency, the Belgian Catherine De Bolle, at the end of a virtual meeting dated from November 12, 2020, with Police officials from Austria, Belgium, France, Germany, Italy, the Netherlands, Poland, Spain, Switzerland, the United Kingdom and Interpol.
In addition, the Europol report of October 5, 2020 identifies an increase in cyber-fraud crimes including phishing and malware.
Social panic driven by and around COVID-19 rapidly triggered rumors of miraculous vaccines and treatments that are flooding the Internet. These messages target uninformed customers who inevitably end up with fake products, assuming they even receive their shipment. Every updated news report about an expected vaccine generates the need to search for updated information…and an opportunity for bad actors to prey on people looking for a solution.
To better understand the coronavirus-related website trend, CybelAngel launched an investigation over the time period from January through November 2020 of domain names bearing the word coronavirus, covid, or both. Our analysts quickly detected more than 240,000 domain names, the majority of which were created during the beginning of the pandemic.
The research was then expanded to include the term vaccine in English, French, German, Italian, Portuguese, Russian, Spanish. An additional 2,500 domain names were found.
Not all domain names include a website. In fact,; a vast majority of sites were still under construction or used as domain parking at the time detected. While some of these were legitimate, the rest were functional scams. Our Analyst Team categorized the illegitimate sites into three main types of scams: fake masks, fake vaccines, and fake funds.
How to identify fake websites?
While commercialized vaccines to treat the coronavirus are just beginning to be released, there are many phishing websites who have been proposing these vaccines for months. How can you identify these fake vaccine sites? Since March, scams have been spreading across the internet. News about COVID-19 incoming vaccines are a breeding grounds for more performing fraud patterns.
Below is a sample suspicious website that our tools identified during the first lockdown in March 2020, coronavirus-vaccine[.]global It was registered on March 6, 2020 and is now defunct. The home page displayed the following:
This site even offered a discount on the vaccine, which was yet another hint the website was a scam. Although the prescription appears authentic, it is a fake picture created likely with a retouching program. The original picture was a drug named Truvada, which slows the progression of HIV, and was found through a reverse image search. The original prescription picture is below.
What are the risks
Customers victimized by such websites are likely to pay for non-existent prescriptions, personal protection equipment (PPE), or services. All you would lose is money. But at worst, customers could receive fake items, such as: vaccines or masks. The danger is significant to people’s health and well-being. Lastly and as important, these sites are a superb way for your computer to be infected by malware, have a banking trojan installed, or even suffer ransomware.
As a customer, protect yourself from these scams by double-checking each site you come across. Most of the time, popular search engines give a clear overview of what lies behind a (so-called) service. In addition, always use an updated antivirus program.
The COVID 19 crisis offers a rich environment for fraudsters. CybelAngel supports pharmaceutical and healthcare organizations who are in the spotlight of malicious actors that leverage citizens’ fears by exploiting fake domain names. Our tools protect our client’s legitimate domains by monitoring, detecting, and taking down malicious domains, both dormant and active, to keep their brand, business and customers secure.