Friday, March 26, 2021

EDVA Seizes Seven Websites Used to Collect Personal Information and Illegally Profit from the COVID-19 Pandemic

 ALEXANDRIA, Va. – The U.S. Attorney's Office for the Eastern District of Virginia announced today the seizure of seven websites as part of ongoing efforts by Homeland Security Investigations (HSI) to combat online fraud schemes that seek to exploit the increased interest in vaccines, treatments, and employment opportunities associated with the COVID-19 pandemic.

According to court records, the United States obtained court authorization to seize four domains that purported to be the legitimate websites of Pfizer, Inc. (“Pfizer”)—specifically, “pfizermx.com,” “pfizer-vaccines.com,” “pfizerstockrate.com,” and “pfizerksa.com.” In addition, the government seized three websites claiming to be associated with the United Nations International Children’s Emergency Fund (UNICEF)—specifically, “unicefcovid19relief.com,” “unicefeverychild.com,” and “unicefinternship.com.” Although each of the seized domains purported to be the legitimate websites of either Pfizer or UNICEF, the sites instead appeared to have been designed to obtain the personal information of website visitors for nefarious purposes, such as fraud or phishing attacks.

“The online fraud and phishing schemes that were embedded within these seven sham websites sought to capitalize on the misfortunes of others during the global pandemic,” said Raj Parekh, Acting U.S. Attorney for the Eastern District of Virginia. “We urge the public to safeguard your sensitive personal information at all times, including from these fraudulent COVID-19 schemes. EDVA and our law enforcement partners will continue to aggressively seek justice for vulnerable community members who are preyed upon by these scammers.”

“The COVID-19 pandemic has created significant opportunities for fraudsters to take advantage of individuals seeking information, cures, or vaccines to protect themselves and others. The websites seized in these cases are alleged to be simply masquerading as legitimate COVID-related sites to steal personal information for potentially nefarious purposes,” said Special Agent in Charge Raymond Villanueva for HSI’s Washington, D.C. field office. “We urge the public to use extreme caution sharing any personal information online, especially in regards to COVID-19 vaccines, treatments, personal protective equipment or with unsolicited employment opportunities.”

According to the affidavits filed in support of these seizures, HSI identified and opened investigations into the seized domains between December 2020 and February 2021 after learning of their use in fraud schemes through notifications from the affected entities, and through an ongoing operation by HSI’s Cyber Crimes Center (C3) targeting malicious websites.

The domains “pfizermx.com,” “pfizerksa.com,” “pfizer-vaccines.com,” and “pfizerstockrate.com,” were used in websites that fraudulently displayed the registered trademarks of Pfizer and BioNTech SE (“BioNTech”) to facilitate apparent phishing schemes geared towards exploiting the increased interest in Pfizer and BioNTech-related products, including the Pfizer/BioNTech COVID-19 vaccine. The websites associated with pfizermx.com and pfizerksa.com presented themselves as Spanish and Arabic-language websites for Pfizer, respectively, and purported to facilitate orders of Pfizer products. Likewise, the website associated with “pfizer-vaccines.com” falsely presented itself as an online platform for obtaining information on the COVID-19 virus and Pfizer/BioNTech vaccine, while the website associated with “pfizersotckrate.com,” appeared to present itself as an online platform for advertising trading and stock options for Pfizer.

In reality, none of these websites appear to serve a legitimate purpose. Each instead used names, logos, and graphics of Pfizer and, in some instances BioNTech, as part of an apparent effort to trick visitors into submitting sensitive information. For instance, the websites using the domains pfizermx.com and pfizer-vaccines.com attempted to deceive individuals interested in obtaining information on the COVID-19 vaccine into contacting fraudulent phone numbers and email addresses that Pfizer did not control. The websites associated with the domains pfizerksa.com and pfizerstockrate.com similarly sought to trick visitors into submitting personal information to the perpetrators through the website, including bank account information through pfizerksa.com.

The websites associated with “unicefcovid19relief.com,” “unicefeverychild.com,” and “unicefintern ship.com” likewise leveraged the trademarks of UNICEF to facilitate apparent phishing schemes geared towards exploiting the increased interest in helping individuals who need assistance during the COVID-19 pandemic. Notably, the websites associated with each of these seized domains falsely claimed to offer employment opportunities associated with distributing COVID-19 relief funds, and the sites encouraged interested employees to submit personal information. According to the affidavit supporting the seizure warrant, each of these seized domains appeared to have been designed to collect the personal identifying information of website visitors for use in criminal schemes, such as fraud or phishing attacks, and to enlist unwitting victims in money laundering schemes.

The seizure of these seven domains by the government will prevent third parties from acquiring the names and using them to commit additional crimes. Individuals visiting those sites now will see a message indicating that the site has been seized by the federal government, and visitors will be redirected to another site for additional information.

Federal law enforcement agencies are united in their efforts to fight against COVID-19 fraud. HSI has identified tips to recognize and report COVID-19 fraud, and additional information and resources are available from the Department of Justice and the U.S. Attorney’s Office (EDVA). If you believe you are a victim of a fraud or attempted fraud involving COVID-19, you may also call the National Center for Disaster Fraud Hotline at 1-866-720-5721.

The seizure of the domain names was announced by Raj Parekh, Acting U.S. Attorney for the Eastern District of Virginia, and Raymond Villanueva, Special Agent in Charge of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations Washington, D.C.

Acting U.S. Attorney Parekh commended the HSI Cyber Crimes Center, HSI Intellectual Property Rights Center (IPRC), and the HSI Washington Field Office for their work in these investigations.

The government is represented by Special Assistant U.S. Attorney Aarash Haghighat in these matters.

A copy of this press release is located on the website of the U.S. Attorney’s Office for the Eastern District of Virginia.

No comments: