- The Washington Times - Thursday, May 14, 2020

On its face, the website had all the markings of a World Health Organization page. It was seeking donations to help the WHO fight the coronavirus scourge. Even the domain name suggested it was run by a nonprofit.

It was so good that when it was reported to special agents at Homeland Security Investigations’ Cyber Crimes Center, they called the WHO just to double check and make sure they weren’t actually investigating a legitimate site.

They were assured it was indeed a scam.

HSI agents reached out to the Public Interest Registry, which controls .org domains, which flagged the site for GoDaddy.com, which then repossessed it.

WeFightCovid-19.org, the scam site, is one of more than 11,000 websites HSI has knocked off the internet during Operation Stolen Promise, an effort by U.S. Immigration and Customs Enforcement to try to prevent fraudsters from taking advantage of unsuspecting consumers during the chaos of coronavirus.



While the internet has been a lifesaver for businesses and workers during the pandemic, it’s also been a tool hucksters are using to separate Americans from their money, often at the risk of the victim’s health.

Some websites are selling fake test kits or fake cures — there is no vaccine or proven treatment yet. Other sites, such as the fake WHO donations page, prey on American generosity. Still others are try to collect people’s identity information. It’s the Super Bowl for scammers, fraudsters and other bad actors.

“These individuals are targeting vulnerable populations of the public,” said Special Agent Stephanie Hampton, the new chief of the HSI’s Cyber Crimes Center. “They’re targeting the elderly, they’re taking advantage of people that are in dire straits right now. They’re exploiting folks who are already downtrodden.”

Operation Stolen Promise has helped open more than 400 cases, led to 29 search warrants being executed and to 15 arrests made, contributed to the seizure of $3.5 million in ill-gotten profits and, along with Customs and Border Protection, snatched more than 550 shipments of fake tests, bogus treatment kits and counterfeit protective equipment.

As the stimulus checks began to go out, the scam began to evolve, Agent Hampton told The Washington Times.

“There has been definitely a shift from the initial look from the counterfeit and fraudulent intellectual property violations, like the [protective equipment], the counterfeit pharmaceuticals, the test kits,” she said. “Now with the passing of the CARES Act we’ve seen more financial-related fraud.”

For the most part, the scammers are the same ones who operate throughout the year — but the coronavirus crisis has created all the conditions for success. People are online more, they’re confused about the nature of the disease and testing and treatment, and the government is handing tens of millions of people stimulus checks. It’s a huge enticement for con artists.

“They’re very quick to adapt to whatever fraud is out in the media,” said Special Agent Matthew Swenson, who called the coronavirus crisis “the perfect storm of cyber fraud.”

And it’s not just scams.

Across the country, online church broadcasts, school classes and even government meetings have been “Zoom bombed” with interlopers interrupting proceedings with everything from racist taunts to child pornography.

ICE has created Project iGuardian, which offers virtual briefings to schools and youth groups to teach them what to look for and what to avoid in the online world.

Investigators are trying to make cases where they can, though the often anonymous world of the internet and the ability to set up operations overseas can make that difficult.

More often, the solution — particularly for scams — is to try to boot the fraudsters offline.

In that respect, domain registrars have been increasingly helpful.

“At the beginning they were slower. Now they’re much faster. It’s almost to the point where they’re proactively knocking these sites offline,” said Agent Swenson, chief of the CCC’s Network Intrusion Section.

GoDaddy.com, a major registrar, declined to say how many virus scam sites it has pulled, but a spokesman said they’ve become experts in sorting out bogus sites from legitimate ones.

“Our team has been doing this for more than 20 years and has considerable experience evaluating content to identify hoaxes, scams and other illegal activity on our platform,” a spokesman said.

While ICE “sinkholes” bogus websites, getting domain registrars to suspend or repossess them, in one case the agency and the Justice Department went to court to seize a website outright.

The day after President Trump announced the coronavirus national emergency in March, someone went online offering to sell CoronaPrevention.org. There was no bogus content posted, so ICE had an undercover agent approach the seller and offer to buy it to get it off the market.

During the course of their conversations, the agent was told he could buy it for $500 — about 25 times the normal sales price — and payment had to be in bitcoin.

The seller even encouraged using the site to sell fake testing kits and told the agent to make sure to set up the page through a foreign-based service to remain outside the clutches of U.S. authorities, according to an affidavit filed justifying the website seizure.

“We will not tolerate exploitation of this national emergency for personal gain,” U.S. Attorney Timothy J. Shea said in announcing the seizure last month.

The market for potentially hot websites is heated. Covid19cure.com, for example, says it’s available to a buyer for the price of $150,000.

ICE said some sites claimed to be helping people get their stimulus checks. One site mimicked an IRS page, inviting users to turn over their personal identifying information. ICE investigators notified the IRS’s criminal investigative division and had the registrar take it offline.

The fake WHO website was scary in its ability to accurately replicate a legitimate site, borrowing the design and most of the text directly from the real WHO page, with the only noticeable difference being the means of donation. The fake site had buttons to pay by bitcoin or Paypal.

ICE said many of its tips on scams come from the public. Agent Hampton urged those who come across potential fraud to email [email protected]

Sign up for Daily Newsletters

Manage Newsletters

Copyright © 2020 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.

 

Click to Read More and View Comments

Click to Hide