HSI investigation results in seizure of 3 domain names purporting to be biotechnology company websites with COVID-19 treatments

BALTIMORE – The U.S. Attorney’s Office for the District of Maryland has seized “healthbridgescience.com,” “global-pandemic-vaccines.com,” and “genobioscience.com” all of which purported to be the websites of actual biotechnology companies developing treatments for the COVID-19 virus but instead were allegedly used to collect the personal information of individuals visiting the sites, in order to use the information for nefarious purposes, including fraud, phishing attacks, and/or deployment of malware. Individuals visiting those sites now will see a message that the site has been seized by the federal government and be redirected to another site for additional information.

The seizure of the domain names was announced by Acting United States Attorney for the District of Maryland Jonathan F. Lenzner and Special Agent in Charge James R. Mancuso of Homeland Security Investigations – Baltimore.

“We have now seized a total of eight fraudulent websites that seek to illegally profit from the COVID-19 pandemic,” said Acting U.S. Attorney Jonathan F. Lenzner. “We urge all Maryland residents to be skeptical – don’t provide personal information or click on links in unsolicited e-mails and remember that the COVID-19 vaccine is not for sale. The Federal government is providing the vaccine free of charge to people living in the United States. We will continue to aggressively prosecute fraudsters who seek to prey on unsuspecting residents and their families.”

According to the affidavits filed in support of these seizures, these investigations began in March 2021. Homeland Security Investigations and the National Intellectual Property Rights Center received notification of two fraudulent websites, “genobioscience.com” and “healthbridgescience.com.” The third site, “global-pandemic-vaccines.com,” was discovered by Homeland Security Investigations’ Cyber Crimes Center (C3) during ongoing investigations for malicious websites. The cases were referred to HSI Baltimore for investigation.

Specifically, HSI was notified of two fraudulent websites “healthbridgescience.com” and “genobioscience.com,” by a victim biotechnology company. The company, which was granted an FDA emergency use authorization for their COVID-19 antibody drug cocktail treatment, confirmed neither of the suspect domains were approved company websites. The fraudulent sites displayed a nearly identical theme and design as the legitimate biotechnology company except for the subsection tab information. According to the affidavit, “healthbridgescience.com” was registered on February 21, 2021 and “genobioscience.com” was registered on March 24, 2021, but no registrant or contact information is listed for either website. As stated in the affidavit, criminals who operate websites and use targeted domain names often conceal their identity when registering their domain names by redacting personal identifiers to avoid being tracked by victims or law enforcement. An HSI Cyber Operations Officer (COO) also noted the “genobioscience.com” website did not use secure communication technology, making any sensitive information shared on this website potentially compromised.

The third domain name, “global-pandemic-vaccines.com,” offered COVID-19 vaccines for sale that it claimed were manufactured by pharmaceutical companies that had been granted FDA emergency use authorization for their COVID-19 vaccines. A COO indicated that the domain was created on February 26, 2021 and its registrar organization was listed as “WhoisProtection.cc,” located in Kuala Lumpur, Malaysia, which is a privacy service used to shield a domain registrant’s actual information from being see publicly. Additionally, under the bogus website’s “Contact Us” page, the telephone number appears to be associated with a messaging application and the street address listed is the address of a restaurant and a postal shipping center located in Torrance, California. Under the spoof website’s “shop” tab, there were two counterfeit vaccinations offered for sale to the public. The fraudulent website claimed that their vaccines did not require sub-zero storage. On March 15 HSI Special Agents, acting in an undercover capacity, called the phone number listed on the fraudulent website. An unknown individual agreed to sell fifty vials of the counterfeit vaccines for $20 each with a $500 deposit, and the remaining $500 due upon receipt of the vaccine doses. The provided invoice contained payment information for a specific bank account.

By seizing these sites, the government has prevented third parties from acquiring the names and using them to commit additional crimes, as well as prevented third parties from continuing to access the sites in their present form.

HSI launched Operation Stolen Promise in April 2020 to protect the Homeland from the increasing and evolving threat posed by COVID-19-related fraud and criminal activity. As of April 2021, the agency has seized more than $47 million in illicit proceeds; made 260 arrests; executed 148 search warrants and analyzed more than 78,000 COVID-19 related domain names. Working with U.S. Customs and Border Protection, more than 2,000 shipments of mislabeled, fraudulent, unauthorized or prohibited COVID-19 test kits and other related items have been seized. For its role in the operation, C3 applies technological, operational, and criminal investigative expertise, products, and services to target the criminals and organizations attempting to commit cybercrimes and exploitation related to COVID-19.

HSI is a directorate of U.S. Immigration and Customs Enforcement (ICE) and the principal investigative arm of the U.S. Department of Homeland Security, responsible for investigating transnational crime and threats, specifically those criminal organizations that exploit the global infrastructure through which international trade, travel, and finance move. HSI’s workforce of over 10,400 employees consists of more than 7,100 Special Agents assigned to 220 cities throughout the United States, and 80 overseas locations in 53 countries. HSI’s international presence represents DHS’s largest investigative law enforcement presence abroad and one of the largest international footprints in U.S. law enforcement.

Federal law enforcement is united in its efforts to fight against COVID-19 fraud. HSI has identified tips to recognize and report COVID-19 fraud. If you think you are a victim of a fraud or attempted fraud involving COVID-19, you may also call the National Center for Disaster Fraud Hotline at 1-866-720-5721 or for more information e-mail justice.gov/coronavirus.