Domain Registrars Take Action Against Fraudulent COVID-19 Websites

American domain registration companies are taking steps to combat coronavirus-related fraud. 

Budget hosting provider Namecheap Inc. has halted automated registration of website names that reference the COVID-19 health crisis. The Los Angeles–based company's action comes after a surge in fraudulent websites seeking to profit from the pandemic.

Online scams proliferating from the coronavirus outbreak have included fraudulent charity websites, sites selling fake vaccines and cures, and infection-tracking sites that deliver malware. 

In an email to customers sent on March 26, Namecheap CEO Richard Kirkendall said the company was removing terms such as “coronavirus,” “COVID,” and “vaccine” from the company's domain availability search tool. 

While legitimate domains can still be registered manually by company employees, Kirkendall said that Namecheap was working with authorities to "proactively prevent and take down any fraudulent or abusive domains or websites related to COVID19 or the Coronavirus."

America's largest US domain registry business GoDaddy is also taking action against unscrupulous COVID-19 cyber-criminals. The Arizona firm said it has already taken down several fraudulent sites as part of its "human review process." 

A GoDaddy spokesperson said: "We do not tolerate abuse on our platform and our Universal Terms of Service (UTOS) gives us broad discretion to act on complaints, and this includes COVID-19 abuse. To date, our teams have already investigated and removed COVID-19 fraud sites in response to reports, and our vigilance will continue long after the COVID-19 crisis comes to an end."

In neighboring Canada, Toronto firm Tucows Inc., which operates retail registration business Hover, is flagging all "covid" and "corona" domains for manual review. Company spokesperson Graeme Bunton said that the Tucows was on the lookout in particular for any sites peddling fake COVID-19 cures or tests. 

Efforts by the companies to combat fraud come after New York Attorney General Letitia James wrote to the internet's largest domain registrars on March 20, asking for their help in tackling coronavirus-related fraud. 

Letters were sent to GoDaddy, Dynadot, Name.com, Namecheap, Register.com, and Endurance International Group (owner of Bluehost.com, Domain.com, and HostGator.com).

On Saturday, the US Department of Justice filed its first court action against a website operator accused of committing fraud to profit from the global COVID-19 pandemic.

What’s Hot on Infosecurity Magazine?