Two domains spoofing the COVID-19 vaccine developers Moderna and Regeneron have been seized by the U.S. Department of Justice. The websites were almost perfect clones of the websites they impersonated and had the potential to deceive millions of individuals into disclosing sensitive information or downloading malware.
This year has seen cybercriminals take advantage of the COVID-19 pandemic and conduct campaigns offering up-to-date information on the virus, fake offers of a cure, the latest number of cases in different regions, and many other COVID-19-themed scams, so it is no surprise that vaccine developers are now being impersonated.
According to figures from the U.S. Federal Trade Commission (FTC), more than 275,000 Americans have suffered financial losses in 2020 as a result of COVID-19-themed scams, often involving websites that harvest sensitive information. Earlier this year, Microsoft took down several domains that were being used for COVID-19-themed phishing and business email compromise attacks, and was one of several companies to participate in the takedown of the infrastructure used to distribute the TrickBot Trojan, which was being distributed using COVID-19-themed lures.
The two websites have had their content removed and replaced with a placeholder stating the domains have been seized by the Federal government. The two domains – mordernatx[.]com and regeneronmedicals[.]com – had a contact form on the contact-us page that requested a range of information that had to be submitted in order to get in touch with the companies. Those forms requested information such as name, company/institution name, contact telephone number, and email address. They also included a VoIP telephone number should individuals prefer to make contact over the telephone.
The information collected by the form would be used to scam website visitors into downloading malware or into providing additional information for use in identity theft and fraud. The domain spoofing Moderna was registered in Malaysia and the Regeneron site was registered in Nigeria.
Traffic to malicious websites such as these is typically generated through phishing emails and malicious adverts on legitimate websites served through third-party ad networks.
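Both seized names follow common impersonation patterns: mordernatx[.]com is one inserted letter away from Moderna's real domain, and regeneronmedicals[.]com embeds the Regeneron brand in a longer label. The script below is an added example, not code from the article or from the DOJ, showing how a defender can flag such lookalikes in DNS or proxy logs with an edit-distance check and a brand-keyword check. The legitimate domains (modernatx.com and regeneron.com), the keyword list, and the DNS log lines are assumptions constructed for the example.

```python
import re

# Assumed legitimate brand domains and the keywords that identify each brand
# (constructed for this example, not taken from the article).
LEGIT_DOMAINS = {
    "modernatx.com": ["modernatx", "moderna"],
    "regeneron.com": ["regeneron"],
}

# Constructed sample DNS resolver log. The two suspicious names are the ones
# the article reports as seized; the other lines are filler.
SAMPLE_DNS_LOG = """\
2020-12-18T10:01:02Z client=10.0.0.5 query=modernatx.com type=A
2020-12-18T10:01:09Z client=10.0.0.7 query=mordernatx.com type=A
2020-12-18T10:02:11Z client=10.0.0.9 query=regeneronmedicals.com type=A
2020-12-18T10:02:30Z client=10.0.0.5 query=example.com type=A
"""


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Return the label left of the TLD, after undoing '[.]' defanging.

    Simplified: assumes a single-label public suffix such as .com; a real
    pipeline would consult the Public Suffix List instead.
    """
    parts = domain.lower().replace("[.]", ".").strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(domain: str, max_distance: int = 2):
    """Return (verdict, matched_legit_domain_or_None) for one domain."""
    label = registrable_label(domain)
    for legit, keywords in LEGIT_DOMAINS.items():
        legit_label = registrable_label(legit)
        if label == legit_label:
            return ("legitimate", legit)
        # Typosquat: a few edits away from the real label (mordernatx vs modernatx)
        if levenshtein(label, legit_label) <= max_distance:
            return ("lookalike:edit-distance", legit)
        # Combosquat: brand keyword embedded in a longer label (regeneronmedicals)
        if any(kw in label for kw in keywords):
            return ("lookalike:brand-embedded", legit)
    return ("unrelated", None)


QUERY_RE = re.compile(r"client=(\S+)\s+query=(\S+)")


def scan_log(text: str):
    """Return (client, domain, verdict, legit) for every lookalike query."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        client, domain = m.groups()
        verdict, legit = classify(domain)
        if verdict.startswith("lookalike"):
            hits.append((client, domain, verdict, legit))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_DNS_LOG):
        print("%s queried %s -> %s (impersonates %s)" % hit)
```

Run as-is, the script reports the two clients that resolved the seized names and which brand each name impersonates. The edit-distance threshold is deliberately small: short brand labels produce false positives quickly as it grows, so in practice the keyword check does most of the work for long combosquat names and the distance check catches single-character typos.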
“By seizing these sites, the government has prevented third parties from acquiring the names and using them to commit additional crimes, as well as prevented third parties from continuing to access the sites in their present form,” explained the DOJ in its announcement.
While it is certainly good news that the domains are no longer active, there are likely to be countless others that take advantage of interest in the COVID-19 vaccines for malicious purposes.
“I urge citizens to remain vigilant,” said United States Attorney for the District of Maryland Robert K. Hur, who was involved in the domain seizure. “Don’t provide personal information or click on websites or links contained in unsolicited e-mails. Don’t become a victim.”