DOJ Officials Shut Down Spoofed Domains of Moderna and Regeneron

The Maryland US Attorney’s Office announced the seizure of two domain names that imitated the name and design of the official websites of Moderna and Regeneron, two companies at the forefront of COVID-19 research.

Attackers regularly use the current global situation to trick people into opening nefarious links or visiting fake websites designed to steal information. Department of Justice (DOJ) officials said that two fake domain names sought to capitalize on the interest the pandemic has generated in the two companies.

“The U.S. Attorney’s Office for the District of Maryland has seized ‘mordernatx.com’ and ‘regeneronmedicals.com,’ which purported to be the websites of actual biotechnology companies developing treatments for the COVID-19 virus, but instead appears to have been used to collect the personal information of individuals visiting the sites, in order to use the information for nefarious purposes, including fraud, phishing attacks, and/or deployment of malware,” said DOJ officials.

The websites came to light in December, when Moderna located the spoofed domain and contacted Homeland Security Investigations’ (HSI) Intellectual Property Rights Center (IPRC) and the HSI Cyber Crimes Center (C3). The logos, markings, colors and text of the mordernatx.com landing page were practically identical to those of the genuine company website; the only difference was a small change in the spelling of the company’s name.

The same goes for the domain copying the Regeneron website. While the first one was registered in Malaysia, the second was registered in Nigeria. Unfortunately, there’s no indication as to who’s behind these fraud attempts.

Spoofing official websites is common in phishing campaigns. Users rarely access these types of domains directly; they serve as landing pages in phishing attacks. The two domains would most likely have been used in such campaigns, but seizing them puts a stop to such attempts.
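
The two seized names show two different lookalike patterns: a near-miss spelling and a brand name with an extra word appended. The sketch below is an added example, not part of the original article or of any DOJ or company tooling, showing how a defender could triage newly observed domains for both patterns. The `LEGIT` watchlist, the function names and the `max_typos` threshold are assumptions.

```python
# Added example, not from the article: triage newly seen domains against
# a watchlist. LEGIT is an assumption; the article names only the fakes.
LEGIT = ["modernatx.com", "regeneron.com"]

def edit_distance(a, b):
    """Levenshtein distance, keeping only one previous row in memory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # add cb
                           prev[j - 1] + (ca != cb)))  # swap ca for cb
        prev = cur
    return prev[-1]

def split_domain(domain):
    """Return (label, registrable domain). Handles single-label TLDs only
    (.com, .org); a production version needs the Public Suffix List."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) > 1 else parts[0], ".".join(parts[-2:])

def classify(domain, legit=LEGIT, max_typos=2):
    """Return (verdict, imitated legit domain or None)."""
    name, registrable = split_domain(domain)
    if registrable in legit:
        return ("legitimate", registrable)
    for real in legit:
        brand, _ = split_domain(real)
        if edit_distance(name, brand) <= max_typos:
            return ("typosquat", real)        # e.g. one inserted letter
        if brand in name:
            return ("brand-embedded", real)   # brand plus an extra word
    return ("no-match", None)

if __name__ == "__main__":
    # The two seized domains come from the article; the rest are constructed.
    for d in ["mordernatx.com", "regeneronmedicals.com",
              "www.modernatx.com", "example.org"]:
        print(d, classify(d))
```

Feeding this from certificate transparency logs or new-registration feeds gives early warning of such domains; it does not cover homoglyph (internationalized) lookalikes, which need a separate normalization step.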