FBI Has Stopped Hundreds of Online Scams

The bureau has reviewed more than 3,600 complaints related to COVID-19 ploys that tout fake vaccines, cures and charity drives, among other things.

For example, the cooperative effort has disrupted:

• An illicit website pretending to solicit and collect donations to the American Red Cross for COVID-19 relief efforts. 

• Fraudulent websites that spoofed government programs and organizations to trick American citizens into entering personally identifiable information, including banking details. 

• Websites of legitimate companies and services that were used to facilitate the distribution or control of malicious software.

Multiple federal agencies have worked to analyze the complaints, investigate ongoing fraud, phishing, or malware schemes, and assemble vetted referrals. Agencies have sent hundreds of these referrals to the private-sector companies managing or hosting the domains. Many of those companies, in turn, have taken down the domains after concluding that they violated their abuse policies and terms of service, without requiring legal process. Domain registrars and registries have advised the department that they have established teams to review their domains for COVID-19 related fraud and malicious activity. Cybersecurity researchers have also made important contributions by developing sophisticated tools to identify malicious domains and refer them for mitigation. Law enforcement is actively reviewing leads, including those referred by private firms, to verify unlawful activity and quickly pursue methods for disruption.

As a further example, shortly after the IRS notified the public of web links to apply for the COVID-19 related stimulus payments, the FBI identified a number of look-alike IRS stimulus payment domains. These look-alike domains are often indicative of future phishing schemes and in order to minimize the potential fraudulent use of the these domains, the FBI alerted numerous domain registries and registrars to the existence of these look-alike URLs.

“The department will continue to collaborate with our law enforcement and private sector partners to combat online COVID-19 related crime,” said Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division. “We commend the responsible internet companies that are taking swift action to prevent their resources from being used to exploit this pandemic.”

The Justice Department is also working to provide COVID-19 related training and technical assistance in other countries through the International Computer Hacking and Intellectual Property (ICHIP) program. In one Justice Department-supported action, a state prosecutor in Brazil took down a fake site purporting to belong to a leading Brazilian brewery. The website publicized the distribution of free sanitizer, but in fact was infecting the computer systems of numerous Brazilian consumers with malware. The ICHIP-mentored prosecutor further requested that the site’s U.S.-based registrar suspend it and preserve any account and transactional data linked to the site. The investigation is ongoing, and the ICHIP continues to mentor the prosecutor remotely on this case and on best practices for engaging with U.S. registrars and providers. Similar activities are planned in other regions with ICHIP attorneys. Learn more about the Criminal Division’s ICHIP Program, jointly administered by the Criminal Division’s Office of Overseas Prosecutorial Development, Assistance and Training and the Computer Crime and Intellectual Property Section, here.

Numerous Justice Department components are working to combat COVID-19 related crime nationwide. For a list of department efforts, visit https://www.justice.gov/coronavirus/news.