Namecheap Is Blocking Certain Keywords To Prevent Phishing Scams During COVID-19
We are currently living in unprecedented times where we are all unsure as to what the future will hold for us all. In reaction to this, many of us are looking to protect ourselves as best we can, but given the rate at which COVID-19 is sweeping the globe, we sometimes do not have the best information readily available to us. This leaves us susceptible to being targeted by criminals who look to take advantage of the vulnerable.
A big way that criminals are able to do this is through the internet and their ability to sell items online, or appear to sell items online, that are fake or fraudulent. In this article, we, therefore, look at what exactly is COVID-19 Phishing scams and how online criminals can begin them in the first place.
We also investigate what is being done to prevent COVID-19 scams to help protect those that are vulnerable to attack. Finally, we address how we can all stay safe against Coronavirus scams and protect ourselves from becoming victims of fraud or other crimes.
What is a COVID-19 Phishing Scam?
A COVID-19 phishing scam is a scam that seeks to take advantage of the Coronavirus crisis. Online criminals set up apps, websites or other online portals that attract naive internet users and cheat them out of money by using the Coronavirus as a reason to handover financial data transfer money in some way.
In reality, this can mean appearing to sell something online to do with the Coronavirus and ways to protect yourself against infection. This has meant that some websites appear to be selling face masks or hand sanitizer or even services such as cleaning air vents through a person’s air conditioning.
In some cases, websites do actually sell face masks or hand sanitizer and other personal protection equipment apparatus. However, the genuine ones are few and far between. Some websites will be selling products such as hand sanitizer that is not fit for purpose, while some will simply take a person’s credit card details or bank details and use them to spend money elsewhere – they won’t even deliver dodgy goods at all.
How do Online Criminals Begin a Phishing scam?
Phishing scams start in a variety of ways. Criminals are getting better and better in general at hiding themselves in a legitimate-looking disguise online. The two main methods that criminals are using the Coronavirus to set up a Phishing scam are:
1. Setting up a genuine-looking website.
Criminals are becoming more and more adept at setting up websites that look like a legitimate source established them. They make websites that are covered in branding from companies that are well respected and trusted. They do this through the use of that company’s brand colors and font type, as well as making the website look as professional as possible too. In doing so, people who find the website online, that is claiming to sell goods like face masks or hand sanitizer, for example, are fooled into thinking that the site is reliable and lawful. Scammers are therefore able to get a customer’s credit card details or bank account information. From there, they can use these details for their own purposes.
2. Emailing the general public directly
Many scammers email the general public under the disguise of a reputable company with an email that is again covered in a respected company’s branding. People, therefore, believe the email and are likely to click on an embedded link that the email contains. From there, the criminal can either infect the computer or device or network that has opened the link with malware or direct the user to a website selling fake items or services. Both are ways to try to extract financial data from a person so that the criminal can go on to use it for their financial gain.
The main driver behind both these methods and their success is the fact that they are both preying on people’s fear surrounding the Coronavirus and the lack of knowledge regarding it. The virus is so new that criminals are able to promote products and services that people believe to be real. Naive and vulnerable members of the public then go on to buy these products and services as they do not know any better. Whether they found those products or services through email or through a website search, the result is still the same. Because of the proliferation of scams online at the moment, it can be hard for the general public to know what to believe and what not to.
What is Being Done to Prevent COVID-19 Phishing Scams?
The authorities have identified the security risk to the population that scammers pose in the midst of the COVID-19 crisis. In doing so they have also identified a number of methods that they would like to see implemented to help prevent people from falling victim to scams and phishing attempts by hackers.
The NY Attorney General has stipulated the following actions that he would like domain registrars to take on board to stop fraudulent websites and apps ever being established.
- An in-depth and detailed review of all domain registrations that seem to relate to the Coronavirus or COVID-19
- The set up of an easy process for the public to highlight any sites that have been found to be scams relating to the Coronavirus.
- The taking down of any scam sites immediately once reported
- Putting systems in place that will stop COVID-19 sites being registered
- Rewrite terms and conditions to include how COVID-19 sites and domains that are found to be fraudulent will be subject to the most stringent of law enforcement protocols.
A number of domain registration companies have taken these ideas on board and have started to implement them into their everyday processes. While some have simply emphasized and underlined existing practices within the company to ensure the safety of the public, there has been one notable exception. Namecheap has blocked certain keywords in its search functionality to stop anyone from establishing a fraudulent website.
Instead, customers have to call up the company and register a domain over the phone. Namecheap employees then go through a checklist to ensure that the customer is not a criminal with illegal intentions for the domain. They then manually register the domain if the customer passes the checks. The company is also taking many active steps to take down any domains that are fraudulent or abusive. GoDaddy has also asserted that they have started taking down domains that are scams relating to the COVID-19 crisis, but they emphasized that this was part of their every day due diligence anyway.
To stay safe against Coronavirus scams and protect yourself from becoming a victim of online fraud, it is best to practice online security measures that prevent criminals from ever being able to take advantage of your online identity. This means never opening an email from an unknown source and never clicking an embedded link within an email from someone that you don’t know. It is also good to remember that if a website and its products look too good to be true, then they probably are fraudulent and the website is simply a disguise for criminal activity.
Additionally, ensure that you continue to use encryption methods and antivirus software that can alert you as to when your computer or network has been infected with malware. Encryption methods will prevent hackers from being able to intercept your data when you are transmitting it as well as when it has been saved to a cloud network. This means that if you have clicked on a link from a hacker by mistake or you have opened an email from a criminal in error, your data will still be protected against any of their subsequent illegal actions.
There are also a number of apps that can help you stay safe online. A VPN is a good piece of technology to use at all times when you are connected to the internet. It will do a great deal of the hard work for you in keeping you safe while online. This is incredibly important at the moment given the huge rise in scam sites that proclaim they will somehow help in the face of the Coronavirus outbreak. A VPN product will be able to secure a person’s network through encryption and tunneling, additionally many VPNs will come with antivirus software that will keep you safe from any infections placed by hackers.
It is a sad but true fact that criminals take advantage of crisis situations for their own financial gain. This has, therefore, meant that during the Coronavirus outbreak, fraudulent websites and phishing scams have proliferated as criminals look to cash in on the amount of uncertainty in the air as well as preying on peoples’ vulnerabilities and weaknesses.
Because of the Coronavirus, they have been able to set up websites selling many different products that offer help during the crisis. Anything from face masks or hand sanitizer to vaccines, air duct cleaning and cures have all been seen to be sold online. In reality, these websites are just a cover to ascertain people’s credit card details or other account information.
Actions taken by domain registrars like Namecheap can, therefore, be really helpful in the fight against preventing phishing scams. It is a strong action taken by Namecheap to simply block customers from being able to search for Coronavirus website domains and register them online. Now, if a customer wants a new domain, they have to call the company to do so. This makes the process far less susceptible to manipulation. But such a step is highly unusual but goes to show the lengths to which have to be taken to ensure that during the Coronavirus, fraudsters do not take advantage of the situation for their own illegal gains.
While other registrar companies have not taken quite such drastic measures as Namecheap, they are still responding to the US Attorney’s call for strong action to be taken against online hoaxes. However, it is still up to individuals to take action too. Online users must ensure that they follow the same security measures as they would do in other time and be sure that they never put themselves in harm’s way by opening emails from unknown sources or clicking on embedded links.
In addition, it can be hugely beneficial to employ the use of other security methods such as encryption, two-factor authentication, and a password manager to create the strongest passwords. This means that if your network does somehow get infiltrated by a hacker, you still have a high level of protection in place.