Researchers at the Internet safety nonprofit say that between May and July, they were easily able to purchase coronavirus-related domains such as Getcoronavaccines.com, freecoronavaccine.net and Bleachcoronaviruscure.com. from registrars including GoDaddy, Domain.com and Google Domains. There is no available government-approved vaccine for the coronavirus.
When asked about the Digital Citizens findings and about a number of suspensions of fraudulent coronavirus domains, GoDaddy referred The Washington Post to a blog post from March.
Google prohibits using domains for illegal or unlawful purposes, Google spokesperson Alex Krasov said.
“We regularly scan registrations using account signals and review all reports of possible abuse,” Krasov said. “If we find that a domain name registered through Google Domains violates our Terms of Service, we may suspend, cancel or terminate the domain and associated account.”
Digital Citizens researchers also were able to purchase domains that could be used for scams from resellers who make a profit by acquiring already-registered domain names.
In one instance, an agent for the site DomainAgents offered to broker the sale of the domain name coronavaccine.com to Digital Citizens researchers even after the researchers made it clear they wanted the domain to sell a non-existent cure.
“We represent neither the buyer or the seller and it is unusual for a buyer to share their intended use of a domain,” DomainAgents chief executive Ryan McKegney wrote in an email to The Post. McKegney said the company forbids the use of its service to obtain domains for illegal uses like fraud.
“Covid hadn’t been on our list of exclusions, but with the amount of misinformation that is floating around, the point is taken and we will train our Customer Service Representatives to watch for it and exclude the purchase of covid-related terms going forward.”
Domains found by Digital Citizens researchers are just a fraction of those registered since the start of the pandemic that are ripe for scam.
Researchers at Check Point found that since the beginning of the year, at least 114,219 new virus-themed domains have been registered, over half of which were registered by GoDaddy. While not all the domain names are fraudulent, Check Point researchers noted in March coronavirus-related domains were 50 percent more likely to be malicious than other domains registered in that time.
“Domain name registrars should not allow cybercriminals and online scammers to register provocative domain names used to lure people to their sites,” Sen. Mazie Hirono (D-Hawaii) said in response to the Digital Citizens report. “Too many of these companies put their heads in the sand while criminals use their services to prey on the public, even when criminal intent is clear in the domain name itself. Domain name registrars need to take responsibility and stop enabling scams perpetrated on the public.”
Online coronavirus-themed scams have exploded since the start of the pandemic. The Federal Trade Commission has received more than 170,000 consumer complaints about coronavirus-related fraud, for everything from miracle cures to fake masks to false coronavirus relief checks. Coronavirus scams have stolen more than $114 million from consumers, the FTC reports.
The Justice Department has sought court orders to shut down more than 300 fraudulent websites designed to sell health and safety items related to the coronavirus.
In addition to setting up domains, scammers have utilized popular social media sites including Facebook, Google and Twitter to spread medical misinformation and to sell bogus cures and masks. And despite tech giants taking an aggressive approach to the content, misinformation and scams continue to slip through.
Unlike social media companies, domain registrars have largely declined to take proactive steps to prevent potentially problematic domains from going up.
A group of senators led by Hirono wrote a letter to eight domain registrars in April asking them to act more quickly to cancel or suspend domains hosting scams or misinformation. In response to the letter, GoDaddy argued “at a time that a domain is registered we do not know if it will be used for nefarious purposes or legitimate ends.”
Instead, the company relies on a human review process of reported abuse complaints to ensure “the public is protected while not interfering with free expression.” GoDaddy told Hirono’s office that as of April, it had suspended 151 coronavirus-related domains and touted its increased resources dedicated to coronavirus fraud reports and cooperation with law enforcement.
Other companies echoed GoDaddy’s defense they couldn’t know what kind of content buyers would host. Several companies told Hirono they were unable to answer the letter’s question about many coronavirus-related domains they hosted.
The Digital Citizens report, which also looked at the ease of buying domains associated with sexual abuse and dangerous drugs, concludes the issues accompanying domain registrars’ policies go well beyond the coronavirus crisis.
“It’s this idea that they’re helping on something that probably shouldn’t be there in the first place or many people would say shouldn’t be there in the first place,” said Tom Galvin, executive director of the Digital Citizens Alliance. He pointed out Digital Citizens was able to purchase date-rape-drug.com from Namecheap. “I think this is a red flag.”
Digital Citizens Alliance, which has conducted previous investigations into the unauthorized sales of opioids and steroids online, receives funding from telecommunications, pharmaceutical and tech organizations, as well as some members of the Motion Picture Association of America.
Consumer advocates are asking domain registrars to do more.
The National Association of Boards of Pharmacy, which has raised concerns about how fake online pharmacies have capitalized on the pandemic, say that domain registrars could work with organizations like theirs to verify online pharmacies before they give them domain names.
Of the eight domain registrars Hirono wrote to, only Donuts Inc., which owns Name.com, said in its response that it works with a trusted notifier to verify registrations for pharmaceutical sales.
Legal action can also put pressure on domains.
For instance, in March a federal judge ordered Namecheap, one of the registrars reviewed by Digital Citizens Alliance, to take down a domain it registered accused of stealing credit card information for fake vaccine kits. Namecheap now requires interaction with a support agent to register a related domain instead of permitting buyers to automatically register them.
“Some upstanding registrars refuse to do business with illegal online drug sellers,” said Lemrey Carter, executive director of the National Association of Boards of Pharmacy. “Unfortunately, many other registrars believe they are under no responsibility to take action without a court order, which is often difficult or impossible to obtain due to the international nature of the Internet.”
Congress could also step in to pass legislation that requires registrars to lock and suspend domain names registrars know are being used illegally. Lawmakers could amend current law giving registrars protection from liability for content posted on their domains, Carter said.
Digital Citizens advocates for registrars to work with “trusted notifiers” such as the Food and Drug Administration. But Galvin said before regulators step in, registrars could use a combination of technology to flag potentially malicious terms and require a manual review process for domains before selling them.
“There’s an opportunity here for the domain industry to raise the bar itself,” said Galvin. “In the last 10 years, we’ve seen the Internet take a darker turn. Whether it’s manipulation or exploitation, disinformation, this is something we need leadership on more broadly.”
Source: (https://www.washingtonpost.com/)
