Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
CLOSE ×
Search
Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

Justice Department: Hundreds of Illicit Coronavirus Websites Shut Down

Law enforcement, private firms crack down on COVID-19 cybercriminals

spinner image Secret Service Director James Murray speaks during the opening ceremony of the Maloney Canine Training Facility at the J. Rowley Training Center, in Laurel, Maryland on September 12, 2019.
Secret Service Director James M. Murray assailed the illicit web sites as "nefarious."
MANDEL NGAN / AFP / Getty Images
spinner image Coronavirus scam alert
Kameleon007 / Getty Images

The Justice Department said Wednesday that hundreds of cybercriminals seeking to rip people off during the pandemic have had their websites busted. Some of the phony sites in the crackdown were designed to spoof government programs. Or they purported to be affiliated with public health or humanitarian organizations, including a site falsely claiming to be fundraising for the American Red Cross.

Many sites tried to attract traffic using domain names with words such as “covid19” or “coronavirus.” One top U.S. law enforcement official involved in the crackdown decried such COVID-19 cyberfraud as “nefarious."

The Department of Justice (DOJ) also disclosed it is helping foreign prosecutors take down websites tied to pandemic fraud. Fraudsters lurking behind a fake website posed as a leading Brazilian brewery and purported to be giving out hand sanitizer. Instead, the crooks installed malware on numerous Brazilians’ computers, the DOJ said.

In this case, the state prosecutor in Brazil had been mentored though a DOJ program called International Computer Hacking and Intellectual Property. The state prosecutor asked the site's U.S.-based domain registrar to suspend it and “preserve any account and transactional data linked to the site.”

More actions like that are planned in other regions, the DOJ said.

Gone phishing

As part of the crackdown in the U.S., the FBI identified a number of look-alike computer domain names for the Internal Revenue Service stimulus payment, officials said. The domain names — the web addresses of pages on the internet — are indicative of phishing scams, officials said.

In phishing, a bad actor emails, calls or texts you to trick you into sending cash or disclosing personal information. Or the perpetrator infiltrates your computer to steal money or sensitive data, such as a bank routing number.

More than 3,600 complaints about COVID-19 scams were made to the FBI's Internet Crime Complaint Center as of Tuesday, officials said. Many complaints related to websites advertising fake COVID-19 vaccines and cures — none now exists — or conducting phony charity drives. Other people complained about malware, which is malicious software that disrupts, damages or gains unauthorized access to your computer.

Public-private partnerships to fight fraud

At the heart of the DOJ crackdown are partnerships between a number of federal law enforcement agencies and private sector companies.

It works this way: Federal agencies analyze incoming complaints; investigate fraud, phishing or malware schemes; and assemble vetted referrals. Hundreds of referrals were sent to private firms that manage or host web domains, and many of the firms have taken down the domains after concluding they violated terms-of-service or abuse policies.

According to the DOJ, domain registrars and registries have told the department that “they have established teams to review their domains for COVID-19 related fraud and malicious activity."

Cybersecurity researchers also “made important contributions by developing sophisticated tools to identify malicious domains and refer them for mitigation,” the DOJ said.

Law enforcement is reviewing leads, including those from private firms, to verify unlawful activity and “quickly pursue methods for disruption,” the DOJ said.

At the U.S. Secret Service, Director James M. Murray said: “Keeping pace with the growing threat of cyber-enabled COVID-19 scams requires an alliance between the private sector and our law enforcement partners to safeguard our nation from this sort of nefarious conduct.”

He added: “The Secret Service is thankful for these trusted partnerships which demonstrate a proven model for identifying, investigating and prosecuting these criminals."

American Red Cross responds

At the American Red Cross, spokeswoman Greta Gustafson called it “disheartening” to learn about the scam involving its brand.

To make a donation to the organization, a person may visit redcross.org, call 800-RED-CROSS (800-733-2767) or mail a check to the American Red Cross, P.O. Box 37839, Boone, Iowa, 50037.

Unlock Access to AARP Members Edition

Join AARP to Continue

Already a Member?