The volume of new COVID-19 domain registrations is commensurate with the spread of this pandemic. Initially, there was a spike in new domains during the last week of February, when the Centers for Disease Control (CDC) began publicly warning about the severity of this global health emergency. Unfortunately, many of these domains are malicious, invoking the virus to promote malware, phishing sites, or faux products or charities. This intrudes a problem for legitimate domains, similar to 'false positives,' where they are flagged inappropriately.
Many cybersecurity organizations have tracked the rise of malicious domains, but the data published on this topic may not be entirely accurate. It’s not always easy to tell when a site is malicious or benign because the bad actors are capable of hiding among the good. Many experts believe it is up to the registrar community to exercise more diligence and play a bigger role in preventing cybercriminals from generating these malicious domains.
Schwartzman said more domain registrars should follow the example of Los Angeles-based Namecheap Inc., which last month pledged to stop accepting the automated registration of website names that include words or phrases tied to the COVID-19 pandemic. Since then, a handful of other registrars have said they plan to manually review all such registrations going forward.