Phishing in coronavirus webspace: GoDaddy, NameCheap restrict COVID-19 websites to prevent cyberfraud

Boston: Internet firm Namecheap is ending the automated registration of website names related to the COVID-19 pandemic, an attempt to combat coronavirus-related fraud, while top domain registries such as GoDaddy have taken down some suspicious websites.

Los Angeles-based Namecheap Inc. made the pledge after a federal judge in Texas ordered the takedown of a website the US Department of Justice accused of stealing credit card information while offering fake coronavirus vaccine kits. The website allegedly offered what it claimed were World Health Organization vaccine kits in exchange for a $4.95 “shipping charge”.

There is currently no vaccine for the coronavirus that causes COVID-19. Experts say it will take 12 to 18 months to develop one.

The DOJ said the site, coronoavirusmedicalkit.com, was harvesting credit card information. The site registered that domain with Namecheap.

Namecheap CEO Richard Kirkendall said in an email to customers Thursday that the company was banning terms such as “coronavirus,” “COVID” and “vaccine” from the company's domain availability search tool. He said company employees could manually register legitimate domains.

The largest US domain registry business, Arizona-based GoDaddy, has not adopted a similar policy but spokesman Dan Race said it has a “human review process that effectively detects and disrupts fraudulent content.”

Toronto-based Tucows Inc., a top competitor whose retail registration business is called Hover, has also not removed virus-related keywords from its customer-facing search engine. The company is, however, flagging all “covid” and “corona” domains for manual review, spokesman Graeme Bunton said. It is looking in particular for fake tests and cures.

Cybersecurity firms have reported a big jump in coronavirus-related internet domains in recent weeks, and say many are the work of cybercriminals sowing malware, scamming the public with false cures and harvesting payment card and other personal information. One cybersecurity firm reported discovering a malicious data-stealing program masquerading as a virus information map.

The New York Attorney General's office wrote Namecheap, GoDaddy and other major U.S. registrars on March 20 asking them to take aggressive measures against the illegal use of coronoavirus domains, including blocking the rapid registration of virus-related domains.

In a tweet the same day the letter was sent, GoDaddy said it had already removed sites promoting online coronavirus for violating its terms of service and said it would continue to do so.