Domain names are a risk for coronavirus-themed phishing attacks


The coronavirus battleground is shifting to your web browser, as the market for domain names themed to covid-19 hot up – and prove a prime ground for criminals to plant phishing attacks. 

Between January and mid-March, more than 16,000 domain names related to the coronavirus have been registered, according to analysts Check Point. And the pace is increasing. In one week in mid-March, more than 6,000 domains were registered – up 85% from the week before. 

And not all of those domain names have been registered to provide reputable information: Check Point analysis shows that one in every 100 was found to be malicious, and one in every five was suspicious.

ADVERTISEMENT

Taking action

The rise in registrations – particularly given their purpose – is a concerning one. While some sites have been logged as a repository for reputable information, including one BBC journalist who registered coronavirusphishing.com as a way to log scams and raise awareness of them, others are there for more nefarious needs.

Which is why it’s little surprise that the domain name world has started taking action. Registrars – the organisations that grant approval of domain name registrations – have started cracking down on new registrations.“News and official advice are developing rapidly, and with most of us now isolated in our homes, the internet is an essential place to find information,” says Eleanor Bradley, managing director of registry solutions and public benefit at Nominet, which oversees all .uk domains. “Unfortunately, this leaves us more vulnerable to phishing attacks, poised to click on a link that promises answers or solutions.”

Checked and vetted

“As a responsible registry, Nominet is always monitoring the new domain names being registered alongside those already in existence in the .UK namespace for any evidence of fraudulent or malicious usage,” says Bradley. 

The organisation has added keywords such as “coronavirus” and “covid19” to its checklist of terms to closely monitor. “Unsurprisingly, we have witnessed a rapid upswing in domain name registrations containing these virus-related terms,” she says.

Nominet has suspended more than 180 domain names for falling foul of malicious means. “Preventing these from entering the registry is a priority to ensure users of our national namespace are kept as safe as possible,” Bradley adds. Another 300 have been referred to UK law enforcement for further investigation.

A global issue

ADVERTISEMENT

Nominet aren’t the only registrar stopping or slowing the registration of potentially offending domain names in order to try and protect consumers. US domain registrar Namecheap has said it won’t accept any new applications for domains referring to “coronavirus,” “covid” or “vaccine.”

“There are always those who try to take advantage of crisis situations by carrying out acts of fraud. In response, we are actively working with authorities to both proactively prevent, and take down, any fraudulent or abusive domains or websites related to COVID-19,” the company said in a statement provided to The Verge.

Those who managed to register their domain name before the shutdown are out of luck as well. Domain name marketplace DAN.com has said it won’t allow anyone to sell coronavirus-related domain names on their service. 

As more and more people who aren’t necessarily tech-literate start to make their way online, the registration of potentially confusing domain names becomes more of an issue – and cybercriminals have realised the chance to capitalise on that.

Thankfully, the domain name world is battling back against the risk of defrauding people at their most vulnerable – and those looking to make money off the back of an illicit trade are going to have to find another way to hoodwink the rest of us.