High Number of Recently Created Coronavirus Websites Linked to Scamming Operations

Americans need to be on the lookout for malicious domains created by scammers as well as widespread disinformation and conspiracy theories being spread online.

• By Haley Samsel
• Mar 10, 2020

Hackers are increasingly using the coronavirus to lure people seeking information about the epidemic into entering their personal information on spam sites.

Since January, over 4,000 coronavirus-related domains have been registered around the world, according to findings from security researchers for Check Point Research. Of those websites, 3 percent were found to be malicious and 5 percent were termed “suspicious.”

While these numbers may not sound startling at first, the malicious rate for these coronavirus-related domains is 50 percent higher than all other domains registered in the same time period. Check Point also found that the malicious rate was higher for these sites than for domains centered around seasonal themes, like Valentine’s Day.

Malicious coronavirus sites are likely designed for phishing, or taking the information of users to steal money from them or take over their accounts. Some of the websites claimed to sell face masks, cures, vaccines or home tests for the virus. Others featured discussions of the virus to lure in potential victims, according to the researchers.

The findings follow the Federal Trade Commission’s February warning to consumers to watch out for scams related to the coronavirus. The FTC noted that malicious email attachments or fake crowdfunding campaigns for supposed coronavirus victims are also threats to consumers.

“Scammers are taking advantage of fears surrounding the Coronavirus,” the Feb. 10 alert reads. “They’re setting up websites to sell bogus products, and using fake emails, texts, and social media posts as a ruse to take your money and get your personal information.”

There have also been reports of scam emails purporting to be the Centers for Disease Control (CDC) or, as Check Point recently discovered, the World Health Organization in Italy. The WHO phishing campaign hit over 10 percent of all organizations in Italy, according to Check Point.

The English text for the Italian email campaign reads: “Due to the number of cases of coronavirus infection that have been documented in your area, the World Health Organization has prepared a document that includes all the necessary precautions against coronavirus infection. We strongly recommend that you read the document attached to this message.”

Once the email recipient opens the document, they are instructed to click “enable editing” or “enable content,” allowing the malicious file to start downloading malware.

Check Point recommends that consumers are cautious with emails from unknown senders and do not click on promotional links in emails or take actions that they would not usually do. Consumers should also watch out for “special” offers for cures, vaccines or tests related to the coronavirus.

In addition to the phishing threats, Americans should be aware of widespread disinformation campaigns. State Department officials are linking online disinformation about the virus to a Russian operation behind “swarms of online, false personas” spreading conspiracy theories on line, The Washington Post reported.

Nearly 2 million tweets over a three-week period were found to have amplified coronavirus-related conspiracy theories around the world, according to a State Department estimate revealed by the Post. Legislators are calling on the department to release more detailed findings from its investigation.