Letitia James, the New York State Attorney General (NYAG) is asking domain name registrars to crack down on registrations and malicious use of coronavirus-related domain names.
In a letter James sent to six of the largest domain name registrars, she references a report from security firm Check Point that claims, “there have been over 4,000 coronavirus-related domains registered globally. Out of these websites, 3% were found to be malicious and an additional 5% are suspicious.”
Furthermore, the Check Point Threat Intelligence report claims that “Coronavirus- related domains are 50% more likely to be malicious than other domains registered at the same period.”
The NYAG says her office is investigating the problem as it believes many of these domains are being used for “purposes of deceptive advertising, phishing schemes and malware dissemination.”
Scammers have also been using these domains to sell fake cures and vaccines claiming to heal or prevent the symptoms or spread of the coronavirus (COVID-19).
NY State Attorney General Asking For Preventive Measures
To help combat cybercriminals that are preying on people’s fears, the NYAG is asking the domain name registrars to develop and deploy the following solutions:
- The use of automated and human review of domain name registration and traffic patterns to identify fraud.
- Establish a process for human review of complaints from the public and law enforcement about fraudulent or illegal use of coronavirus domains, including creating special channels for such complaints.
- Revise terms of service to reserve aggressive enforcement for the illegal use of coronavirus domains
- Place holds on registering new domains related to coronavirus.
- Deploy blocking systems that prevent rapid registration of coronavirus-related domains.
- De-registration of domains identified in the letters sent to the domain registrars.
The Attorney General James is claiming authority over this problem as it relates to New York residents by stating, “These activities may violate a number of laws, including but not limited to General Business Law § 349, Executive Law § 63(12), and the Computer Fraud and Abuse Act (CFAA), as well as your terms of service for domain registration.”
Letters were sent to Register.com, Dynadot, Name.com, GoDaddy, Namecheap, and Endurance International Group owner of Domain.com, HostGator.com, and Bluehost.com.
GoDaddy publically responded on Twitter to the letter it received from the NYAG by saying, “Thanks for your commitment to fighting online scams related to coronavirus. We’ve already removed sites promoting such scams for violating our terms of service, and we’ll continue to do so. We’re in this together.”
The company also said it already has an abuse reporting page at https://supportcenter.godaddy.com/AbuseReport, and its team will investigate every complaint.
Domain Name Fraud and Scams of Opportunity
Scams involving deceptive domain names have been a problem since the beginning of the Internet. Normally, this problem doesn’t rise to the AG level until it is too late and a large number of victims ask for assistance to recoup losses.
Unfortunately, by that time it is often too late and in most cases, the fraudsters are out of the country and beyond the reach of domestic law enforcement.
The unusual nature of this coronavirus (COVID-19) health emergency has frightened people looking to any information or product that may provide a cure, remedy, or prevention of the virus.
eBay, Amazon, and other marketplaces are already cracking down on false and misleading claims from sellers regarding coronavirus-related products.
Last week, 33 State Attorney Generals also demanded more help from the big tech companies to squash scams, fraud, and price gouging.
It should not be surprising that opportunists are trying to use domain names to scam or mislead people and that under the current conditions, law enforcement is trying to stop this in its tracks as much as possible.
Consumer Awareness and Seller Consequences
For consumers, this should be a reminder always to double-check the companies with whom they are doing business with and be extra careful about familiar-looking domain names that imply a government or other authoritative organization.
Online Merchants should consider the negative consequences of using coronavirus-related domain names for landing pages to legitimate online businesses, or the purpose of affiliate or other digital marketing strategies as they may result in extra scrutiny from law enforcement.
Desperate attempts to drive traffic could result in bigger legal problems for merchants down the road.
If you like to talk about this story
Please head over to our Facebook Group for Small Business Sellers and interact with other small business owners.