Threat Watch

The US Seizes Phishing Domains Impersonating COVID-19 Vaccine Sites

The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in the development of a COVID-19 vaccine. The seized domain claimed to sell the REGEN-COV2 emergency antibody-drug cocktail developed by Regeneron Pharmaceuticals and approved by the US Food and Drug Administration (FDA) for emergency COVID-19 treatment.

“However, the website was fraudulent and instead appears to have been used to collect the personal information of individuals visiting the site, to use the information for nefarious purposes, including fraud, phishing attacks, and/or deployment of malware,” according to the Justice Department. “Individuals visiting the site now will see a message that the site has been seized by the federal government and be redirected to another site for additional information.”

The US Attorney’s Office for the District of Maryland seized usaregenermedicals[.]com, which was registered on January 21st using the NameCheap registrar, after an HSI Cyber Operations Officer discovered its nefarious nature. Since December 2020, the US Department of Justice has seized four other domains used by cybercriminals to perform fraud, phishing attacks, and/or infect victims’ computers with malware. The other domains seized are remdesivirmx[.]com, modernatx[.]shop, mordernatx[.]com, and regeneronmedicals[.]com. According to statistics provided by the US Federal Trade Commission (FTC), more than 372,000 Americans have reported a total loss of over $365 million in COVID-19 related scams since the start of 2020.

ANALYST NOTES

Anyone who finds a suspected COVID-19 phishing site should report it to government authorities such as the FBI, using the online reporting form available at https://www.ic3.gov. Users should also be aware that most companies developing vaccines, at least in the US, are not selling their vaccines directly to consumers. To obtain a legitimate vaccine, individuals should contact their local health department or health service provider to find out if and when they will be eligible to receive the inoculation.

Source Article: https://www.bleepingcomputer.com/news/security/us-seizes-more-domains-used-in-covid-19-vaccine-phishing-attacks/