Federal authorities said they've gotten help from domain providers and others in smashing hundreds of online sites exploiting the COVID-19 pandemic to commit fraud and other crimes.
As of Tuesday, the FBI's Internet Crime Complaint Center (IC3) had received and reviewed more than 3,600 complaints related to COVID-19 scams, the Justice Department said Wednesday.
Many of them “operated from websites that advertised fake vaccines and cures, operated fraudulent charity drives, delivered malware, or hosted various other types of scams,” federal officials said in a release.
To attract traffic, these websites often utilized domain names that contained words such as “covid19,” or “coronavirus.”
In some cases, the fraudulent sites purported to be run by, or affiliated with, public health organizations or agencies.
Several federal agencies have united to analyze the complaints, investigate ongoing fraud, phishing, or malware schemes, and assemble vetted referrals, the Justice Department said.
Soon after the IRS notified the public of web links to apply for coronavirus-related stimulus payments, for example, the FBI said it identified a number of look-alike IRS stimulus payment domains that have been scamming people out of money.
Agencies have sent hundreds of these referrals to the private-sector companies managing or hosting the domains.
Many of those companies, in turn, have taken down the domains after concluding that they violated their abuse policies and terms of service.
Domain registrars and registries told the government that they also have established teams to review their domains for COVID-19 related fraud and malicious activity.
Cybersecurity researchers have also made important contributions by developing sophisticated tools to identify malicious domains and refer them for mitigation. Law enforcement is actively reviewing leads, including those referred by private firms, to verify unlawful activity and quickly pursue methods for disruption.
Operations already disrupted by the government include:
• An illicit website pretending to solicit and collect donations for the American Red Cross’ coronavirus relief efforts;
• Bogus sites that spoofed government programs and organizations to trick American citizens into entering personal info -- including banking details;
• Websites of legitimate companies and services that were hacked to distribute or control malicious software.
Federal authorities “will continue to collaborate with our law enforcement and private sector partners to combat online COVID-19 related crime,” said Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division. “We commend the responsible internet companies that are taking swift action to prevent their resources from being used to exploit this pandemic.”
They also offered tips to help protect individuals and businesses from being victimized by cybercriminals:
• Independently verify the identity of any company, charity, or individual that contacts you regarding COVID-19;
• Check the websites and email addresses offering information, products, or services related to COVID-19. Be aware that scammers often employ addresses that differ only slightly from those belonging to the entities they are impersonating. For example, they might use “cdc.com” or “cdc.org” instead of “cdc.gov”;
• Be wary of unsolicited emails offering information, supplies, or treatment for COVID-19 or requesting your personal information for medical purposes. Legitimate health authorities will not contact the public this way;
• Do not click on links or open email attachments from unknown or unverified sources. Doing so could download a virus onto your computer or device;
• Make sure the anti-malware and anti-virus software on your computer is operating and up to date. Keep your operating system up to date as well;
• Ignore offers for a COVID-19 vaccine, cure, or treatment. Remember, if a vaccine becomes available, you will not hear about it for the first time through an email, online ad, or unsolicited sales pitch;
• Check online reviews of any company offering COVID-19 products or supplies. Avoid companies whose customers have complained about not receiving items;
• Research any charities or crowdfunding sites soliciting donations in connection with COVID-19 before giving any donation. Remember: An organization may not be legitimate even if it uses words like “CDC” or “government” in its name or has reputable looking seals or logos on its materials. For online resources on donating wisely, visit the Federal Trade Commission (FTC) website;
• Be wary of any business, charity, or individual requesting payments or donations in cash, by wire transfer, gift card, or through the mail. Do not send money through any of these channels.
If you think you are a victim of a fraud or attempted fraud involving COVID-19, call the National Center for Disaster Fraud Hotline at 1-866-720-5721 or email firstname.lastname@example.org. If it is a cyber scam, submit your complaint through https://www.ic3.gov.
To find more about Department of Justice resources and information, go to www.justice.gov/coronavirus.
Click here to sign up for Daily Voice's free daily emails and news alerts.