Coronavirus-related domains on the rise: How scammers take advantage of public interests

As if there wasn’t enough to worry about with the new coronavirus, cybercriminals around the globe are exploiting the public’s interest in the epidemic to spread malicious activity.

As the virus spreads across the globe, people are on the lookout for the latest information and updates on how it might affect them. Fraudsters are typically quick to take advantage of such public concerns, with the coronavirus serving them well as an enabler for their activities, such as:

Domaingrabbing
Phishing emails
Fakeshops

The objectives are well known: large profit margins through lucrative resales, stealing sensitive information and luring people into downloading a different kind of virus, or selling goods that are never dispatched.

Cybercriminals are waiting in the wings

A look at the domain registrations that precede these activities shows what impact the current outbreak has on the domain business. More than 1.000 coronavirus-themed domain names were registered since the World Health Organization (WHO) officially named the deadly disease COVID-19 on the 11th of February – not to mention the domain names connected to health-related organizations. Although many of the newly registered domains may contain relevant information, the number of unreported cases of misuse is high.

The .com domains matching the new name of coronavirus were registered before even the first news reports emerged.

The speed at which cybercriminals act is particularly impressive; only one minute after the WHO made the accouncement at a press conference in Geneva, including an official tweet, the domain covid19.com were registered, followed by the hyphen version covid-19.com three minutes later.

🚨 BREAKING 🚨

“We now have a name for the #2019nCoV disease:

COVID-19.

I’ll spell it: C-O-V-I-D hyphen one nine – COVID-19″

–@DrTedros #COVID19 pic.twitter.com/Kh0wx2qfzk

— World Health Organization (WHO) (@WHO) February 11, 2020

In response to the persistent phishing activities, the WHO even put out a warning about coronavirus email scams on its website. Phishing emails are ones that appear to be from trusted source, tricking you into providing sensitive information, downloading malware, or clicking a link to a website that can do either. In the case of the WHO, scammers use coronavirus warnings from apparant WHO representatives as a veil for these attacks.

The current malicious events are an indicator of the speed of action within the domain industry, and are a warning shot for companies to protect themselves from the lurking dangers at all times. In addition to the well-known seasonal themed spam campaigns such as recent Valentine’s day, cybercriminals are waiting in the wings for potential public phenomena to pop up to take advantage for their own gain in the ever-evolving digital world.

Top 10 coronavirus-themed domain terms

Term	Registrations
coronavirus	343
covid19	199
coronavirusinfo	40
coronavirusvaccine	38
thecoronavirus	36
coronaviruses	36
stopcoronavirus	34
covid19virus	32
coronavirusnews	32
covid19info	21

domaintools.com | Updated 10.03.2020