Skip to content
Naked Security Naked Security

Battling the global COVID-19 scammers and fake news hawkers

Europol seized 34K fake surgical masks, while the office of NY's AG wants registrars to explain how they're battling the sale of lies.

Thousands of COVID-19 scam and malware sites are being pumped out on a daily basis: people going online to put up coronavirus scam sites or to sell counterfeit surgical masks; fake self-testing kits for HIV and glucose monitoring; and/or bogus antiviral meds, chloroquine (that’s fish-tank cleaner to me and you, and regardless of what you might have heard, please don’t take it – at least one man has already died), Vitamin C or other food supplements.
Law enforcement around the globe is fighting the good fight to limit how many people’s brains these burrs hook their barbs into.


On Friday, the pandemic-afflicted state of New York, governed by COVID-19 savvy lawmakers, let it be known to domain registrars that it’s high time they cracked down on this health-threatening trend.
The office of New York Attorney General Letitia James sent letters – here’s one sent to GoDaddy – to six of the internet’s largest domain name registrars, asking them how they plan to protect New Yorkers and others across the country from these scams by making it tougher to register a domain that’s likely to be selling snake oil, inflicting malware or setting up whatever other trap the crooks have been rushing to put into place.
The letter was penned by the AG Office’s Kim A. Berger, Chief of the Bureau of Internet and Technology.
New York has already taken action to shut these guys down, Berger noted. For example, earlier this month, the AG ordered conspiracy theorist Alex Jones to stop peddling fake coronavirus cures.
Berger’s question, also put to Dynadot,, Namecheap, and others: So what are you doing to stop these scammers?
Berger wants to talk to the registrars about taking these steps to stop bad actors:

  1. The use of automated and human review of domain name registration and traffic patterns to identify fraud.
  2. Human review of complaints from the public and law enforcement about fraudulent or illegal use of coronavirus domains, including creating special channels for such complaints.
  3. Revising terms of service to reserve aggressive enforcement for the illegal use of coronavirus domains.
  4. De-registration of the domains cited in the articles identified above that were registered [with a given registrar], and any holds in place on registering new domains related to coronavirus, or similar blockers that prevent rapid registration of coronavirus-related domains.

ZDNet reached out to six registrars. Namecheap’s CEO, Richard Kirkendall, said in an email that his company has been working with authorities to “proactively prevent, and take down any fraudulent or abusive domains or websites related to COVID19 or the Coronavirus.”

For example, Namecheap is banning scammy terms from its available domain name search tool, to prevent them from being registered. It’s also blocking customers from registering coronavirus scammy-looking domains.
It shouldn’t come as a surprise that Namecheap has been on the forefront of tackling this problem, given that it has the dubious honor of having hosted the first COVID-19 scam site that the US Department of Justice cracked down on.
Europol on Saturday announced that a global operation to target trafficking in counterfeit medicines – named Operation Pangea – has resulted in the seizure of nearly 34,000 counterfeit surgical masks.
Involving 90 countries worldwide, the operation took place between 3 and 10 March and led to the seizure of €13 million (USD $14m, £11.9m) worth of potentially dangerous drugs. Law enforcement officers also coordinated by Interpol took down about 2,500 links to websites, social media, online marketplaces, and ads. Police also arrested 121 COVID-19 scam suspects and took down 37 organized crime groups.
Europol says that the operation, which is ongoing, revealed a “worrying increase” in unauthorized antiviral medications and the antimalarial chloroquine.
Back in February, the World Health Organization (WHO) dubbed the ongoing flood of misinformation and scams an “infodemic.” From its 2 February situation report:

The 2019-nCoV outbreak and response has been accompanied by a massive ‘infodemic’ – an over-abundance of information, some accurate and some not – that makes it hard for people to find trustworthy sources and reliable guidance when they need it.

WHO has been working hard to bust myths. To find out what’s real and what’s garbage, tune in to their channels on Weibo, Twitter, Facebook, Instagram, LinkedIn, Pinterest and its website.

Latest Naked Security podcast


Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.

1 Comment

Next-up: Scammers simply use IP addresses to direct people to scammy sites. What can DNS providers do to stop this, they simply are a way to translate a name to an IP. They make the thing your computer is doing anyways much easier to do.
This seems overbearing, shouldn’t they go after the hosting IP itself, not the one giving it a name.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!