Domain name registry suspends 600 suspicious coronavirus websites

Web domain name registries are stepping up their efforts to tackle scammers, and it starts even before their websites go live.
Written by Daphne Leprince-Ringuet, Contributor

The UK's domain name registry Nominet, which manages the launch of .uk websites, is stepping up efforts to tackle the proliferation of sites dedicated to scamming the public, for example by selling fake vaccines, protective equipment and fraudulent remedies for the COVID-19 virus.

Rather than taking down domains after they have been reported as malicious, the organization has implemented more radical measures to stop these sites appearing in the first place, with extra scrutiny of website names containing "coronavirus", "covid", or other selected terms related to the pandemic.

It is only once the organization has established that the website is legitimate that the domain name will be able to resolve. Eleanor Bradley, MD registry services at Nominet, told ZDNet that about 600 names have been suspended so far. A smaller number has gone on to be registered, but most of them are still sitting in domain registry limbo.

"We don't want to prevent legitimate registration from getting through, but I think the current situation warrants further checks at the point of registration," said Bradley. "What we're doing is catching everything that has a clear relationship to coronavirus at source, to effectively stop malicious domains from being used in the first place."


The method is already employed by Nominet for different types of scams; for example, the organization flags domain registrations linked to banking or tax filing, to cut off fraudulent websites before the public can even see them. Algorithms pick up on attempts to register domain names that contain keywords, and risk-rate them; then, human reviewers assess the website's profile and get in touch with the registrant to request more information if they deem it necessary.
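A sketch of the keyword screening and risk-rating step described above, as an added example and not Nominet's actual algorithm. Only "coronavirus" and "covid" come from the article; the other terms, the weights, the threshold and the function names are assumptions, and the sample domains are constructed.

```python
import re

# Watch terms: "coronavirus" and "covid" are named in the article; the
# remaining terms and all weights are assumptions made for this example.
WATCH_TERMS = {"coronavirus": 3, "covid": 3, "vaccine": 2, "bank": 2, "tax": 2}
# Sales-related words only raise the rating when a watch term is present.
SALES_TERMS = {"buy": 2, "cure": 2, "kit": 1, "shop": 1}
# Digit look-alikes that would defeat a literal keyword match (c0vid, c0v1d).
LOOKALIKES = str.maketrans("01345", "oieas")
SUFFIXES = (".co.uk", ".org.uk", ".uk")


def rate(domain):
    """Return (score, matched_terms) for a requested domain name."""
    name = domain.lower().rstrip(".")
    for suffix in SUFFIXES:
        if name.endswith(suffix):
            name = name[: -len(suffix)]
            break
    # Drop separators so "covid-19" and "co.vid" match like "covid19".
    flat = re.sub(r"[-.]", "", name).translate(LOOKALIKES)
    hits = {t: w for t, w in WATCH_TERMS.items() if t in flat}
    if hits:
        hits.update({t: w for t, w in SALES_TERMS.items() if t in flat})
    return sum(hits.values()), sorted(hits)


def triage(domain, priority_at=5):
    """Decide whether a name resolves now or waits for a human reviewer."""
    score, terms = rate(domain)
    if score == 0:
        return "register", score, terms
    # Any watch-term match is held; the score only orders the review queue.
    return ("hold-priority" if score >= priority_at else "hold"), score, terms


if __name__ == "__main__":
    # Constructed sample registrations, not real domains.
    for d in ("c0vid-19-cure.co.uk", "covid-mutual-aid-leeds.org.uk",
              "riverbank-cafe.uk", "leeds-bakery.co.uk"):
        print(d, triage(d))
```

Substring matching holds harmless names too (here "riverbank-cafe.uk" and the community group), which is why the score feeds a human review queue rather than an automatic rejection.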

The sudden upsurge in attempts to create malicious websites taking advantage of the COVID-19 crisis hasn't taken Nominet by surprise, explained Bradley. "We use our normal, standard process, but for a new challenge," she said. "I am comfortable that we have the resources to manage this, and that our teams have the relevant experience."

Last month, ZDNet reported a staggering global increase in suspicious domains related to coronavirus, and found, after a couple of days looking at those websites at random, that nine out of ten were selling fake cures or were being used for malware distribution. Cybersecurity company RiskIQ has also noted a "rampant" number of attacks using COVID-19, and saw up to 35,000 suspicious domains created in a single day on Monday, March 16. 

The industrial scale at which scammers are setting up web domains has led government officials to call on name registries to step up the fight against fraudulent sites. New York Attorney General Letitia James recently sent open letters to six of the internet's largest domain registrars, asking them to strengthen their countermeasures.

To tackle the specific scams that are likely to arise in the context of a global pandemic, Nominet has also been working alongside the Medicines and Healthcare Products Regulatory Agency (MHRA) to flag websites selling fraudulent pharmaceuticals, test kits or vaccines. Bradley reported that there is definitely a pattern emerging at the level of domain registration, in terms of attempts to create names associated with the sale of illegitimate goods.

Other typical scams include attempts to spoof government websites to trick users into handing over sensitive information. Crooks often resort to small misspellings to lead people to hacked pages in so-called phishing attempts. 

Last month, for instance, security software company Sophos reported a phishing scam in which attackers created a copy of the World Health Organization website, adding an email password box on the main page to trick users into providing their personal data. 


It is worth noting, according to Bradley, that many names are registered for legitimate purposes, such as to set up communication between community groups; but given the spike in scams that have occurred alongside the crisis, suspending domains at the point of registration is a necessary evil. 

"What we're trying to do in the current situation is act really quickly so those names don't go into use for purposes that could prove harmful to the general public," said Bradley. "The domains that are perfectly acceptable should be registered really quickly, but we are just making sure that we are filtering out things that could cause harm."

Ultimately, argued Bradley, the best way to fight back against scammers is to ensure that users keep irreproachable cyber-hygiene. "The reality is that there is nothing new at the moment. Criminals are using the same methods, but preying on a particular situation and a public who are deeply concerned," said Bradley.

"We tell people to simply apply the normal rules, and not let their guard down," she added. Even in unusual times, the usual rules apply: if it looks too good to be true, it probably is. And always think before you click.
