The Office of the New York Attorney General (NYAG) is investigating the registration and use of coronavirus-related domains for the purposes of deceptive advertising, phishing schemes and malware dissemination. These activities may violate a number of laws, including but not limited to General Business Law § 349, Executive Law § 63(12), and the Computer Fraud and Abuse Act (CFAA), as well as your terms of service for domain registration.
The New York Attorney General (NYAG) sent a letter to several US based domain name registrars: GoDaddy, Dynadot, Name.com, Namecheap, Register.com, and Endurance International Group (owner of Bluehost.com, Domain.com, and HostGator.com).
GoDaddy replied to a tweet by the NYAG:
@NewYorkStateAG (1/2) Thanks for your commitment to fighting online scams related to coronavirus. We’ve already removed sites promoting such scams for violating our terms of service, and we’ll continue to do so. We’re in this together.
— GoDaddy (@GoDaddy) March 20, 2020
GoDaddy also said that “If anyone suspects a website to be a coronavirus scam, please submit a report supportcenter.godaddy.com/AbuseReport. Our team investigates every complaint.”
Meanwhile an investigation by Escrow.com found that many fake websites selling coronavirus masks are scamming organizations.
Here is the letter that GoDaddy received from the NYAG:
The Office of the New York Attorney General (NYAG) is investigating the registration and use of coronavirus-related domains for the purposes of deceptive advertising, phishing schemes and malware dissemination. These activities may violate a number of laws, including but not limited to General Business Law § 349, Executive Law § 63(12), and the Computer Fraud and Abuse Act (CFAA), as well as your terms of service for domain registration.
In the course of its investigation, the NYAG has discovered that cybercriminals have been registering a significant number of domain names related to “coronavirus” in recent weeks and using those domains to conduct phishing campaigns and other attacks. See, e.g., https://arstechnica.com/information-technology/2020/03/the-internet-is-drowningin-covid-19-related-malware-and-phishing-scams/. According to one analysis from security firm Check Point, 3% of domains registered since January that mention coronavirus have been found to be actively malicious, with an additional 5% categorized as suspicious: https://blog.checkpoint.com/2020/03/05/update-coronavirus-themeddomains-50-more-likely-to-be-malicious-than-other-domains/. Compounding this issue, individuals appear to be offering for sale some of these domains, including domains such as “coronavirusgive.com” that would be potentially highly effective in a phishing attack, see https://newyork.craigslist.org/mnh/for/d/new-york-domain-forsale/7094978336.html
Scammers have also been taking advantage of this pandemic to prey on people’s fears by selling false cures, see https://wjla.com/features/7-on-your-side/millions-of-misleading-claimsto-cure-or-prevent-coronavirus. The NYAG has already taken action to combat these deceptive activities, see https://ag.ny.gov/press-release/2020/attorney-general-james-orders-alex-jonesstop-selling-fake-coronavirus-treatments. While online scams tailored to major news events have been around for more than a decade, and there are legitimate uses of domain names with coronavirus in it, the current environment demands the highest vigilance.
In light of the above, the NYAG requests that you contact us as soon as possible to discuss how GoDaddy is protecting New Yorkers and others across the country from these scams. Some of
the actions we would like to discuss with you are outlined below, but we would welcome a dialogue on the most effective steps to prevent bad actors from taking advantage of the current
crisis:
1. The use of automated and human review of domain name registration and traffic patterns to identify fraud;
2. Human review of complaints from the public and law enforcement about fraudulent or illegal use of coronavirus domains, including creating special channels for such complaints;
3. Revising your terms of service to reserve aggressive enforcement for the illegal use of coronavirus domains; and
4. De-registration of the domains cited in the articles identified above that were registered at GoDaddy, and any holds in place on registering new domains related to coronavirus, or similar blockers that prevent rapid registration of coronavirus-related domains.
We look forward to discussing these issues with you as soon as possible.
Kim A. Berger Chief
Bureau of Internet and Technology
New York State Office of the Attorney General