March 27, 2020
Internet firm restricts virus-themed website registrations
An internet firm is ending the automated registration of website names that include words or phrases related to the COVID-19 pandemic, an attempt to combat coronavirus-related fraud.
Los Angeles-based Namecheap Inc. made the pledge after a federal judge in Texas ordered the takedown of a website the U.S. Department of Justice accused of stealing credit card information while offering fake coronavirus vaccine kits. The website allegedly offered what it claimed were World Health Organization vaccine kits in exchange for a $4.95 "shipping charge."
There is currently no vaccine for the coronavirus that causes COVID-19. Experts say it will take 12 to 18 months to develop one.
The DOJ said the site, coronoavirusmedicalkit.com, was harvesting credit card information. The site registered that domain with Namecheap. Its unknown owners were listed as "John Doe" in court papers and could not be reached for comment. A Panama phone number listed on its registry was disconnected.
Namecheap CEO Richard Kirkendall said in an email to customers Thursday that the company was banning terms such as "coronavirus," "COVID" and "vaccine" from the company's domain availability search tool, a move that prevent the automated registration of names including those terms. He said company employees could manually register legitimate domains.
The largest U.S. domain registry business, Arizona-based GoDaddy, has not adopted a similar policy but spokesman Dan Race said it has a "human review process that effectively detects and disrupts fraudulent content."
Toronto-based Tucows Inc., a top competitor whose retail registration business is called Hover, has also not removed virus-related keywords from its customer-facing search engine. The company is, however, flagging all "covid" and "corona" domains for manual review, spokesman Graeme Bunton said. It is looking in particular for fake tests and cures.
Cybersecurity firms have reported a big jump in coronavirus-related internet domains in recent weeks, and say many are the work of cybercriminals sowing malware, scamming the public with false cures and harvesting payment card and other personal information. One cybersecurity firm reported discovering a malicious data-stealing program masquerading as a virus information map.
The New York Attorney General's office wrote Namecheap, GoDaddy and other major U.S. registrars on March 20 asking them to take aggressive measures against the illegal use of coronoavirus domains, including blocking the rapid registration of virus-related domains.
The companies all responded, said Kim Berger, chief of the NY AG's internet and technology bureau. "All have pledged a desire and intent to cooperate with us."
In a tweet the same day the letter was sent, GoDaddy said it had already removed sites promoting online coronavirus for violating its terms of service and said it would continue to do so. "We're all in this together," the company wrote.
Responding to an online text message, Kirkendall referred the AP to a report on the tech news site ZDNET quoting an email he sent to Berger's office.
Bunton of Tucows said that while it's important to have an "extra eyeball" on virus-related domains, some people are doing "wonderful things" online to marshal resources in their communities. Tucows wants to be careful not to dampen those efforts with a heavy-handed approach, he said.
GoDaddy's Race said hundreds of domains incorporating the terms "corona" or "covid" were being used for legitimate and beneficial purposes. As an example, he listed micovidcommunity.com, a Michigan response site.
© 2020 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.