With the COVID-19 pandemic at its peak and subsequent waves still ravaging parts of the world, the need for vaccines, infrastructure and information to combat the virus has escalated manifold. Governments and pharmaceutical companies are now working hand-in-hand to ramp up production and distribution of vaccines to prevent further contagion amongst the population. However, it wasn't long before health and state bodies had to face the plague of misinformation spread by nefarious elements. This accompanied with the immense amount of panic amongst people has now fuelled a trend of counterfeits and opportunistic fraud committed by people looking to take advantage of the gap in supply and demand. Interestingly, the pandemic has seen a rise in instances of fraud and counterfeiting perpetuated, in large part, by online channels such as:

  • Fraudulent domain name registrations or cybersquatting;
  • Hoax websites mirroring the look and feel of genuine companies engaged in healthcare;
  • Fake listings on the dark web;
  • Misleading messages on social messaging applications;
  • Search algorithms and paid advertisements on online search engines;
  • Fake listings on social media platforms;
  • Phishing emails impersonating government authorities;
  • Fake requests for charitable donations;

This article focuses on the rise of fraudulent domain name registrations and illegal websites that have cropped up specifically after the announcement of largescale vaccination drives all around the world.


WIPO in a recent decision in Pfizer Inc. v. Registration Private, Domains By Proxy, LLC / Juan Beltran1 dated March 18, 2021 relating to the domain (pfizermx.com) found opportunistic bad faith on part of the Respondent owing to the fact that the impugned website (linked to the aforesaid domain name) mirrors Pfizer's website "www.pfizer.com" and falsely purports to offer Pfizer's COVID-19 vaccine for sale. The domain (pfizermx.com) was thereafter transferred to the Complainant, Pfizer.

It is pertinent to mention that in 2020 WIPO handled 4,204 cybersquatting cases which was nearly a 14% increase over the year 2019.

Cyber squatters are now not only using similar/identical domain names but are also using another technique called 'typosquatting' wherein a very minute and purposeful change is made to the original domain name by changing the font and/ or spelling of a single letter in the domain so as to make the said change undetectable to an average consumer.

DomainTools reported that more than 150,000 new, high risk COVID-19-themed domains have been registered since December 2019. The report stated that since the most valuable space in the internet is .com, it is also the most valuable space to carry out typosquatting. Further, it was revealed that the industry's most attractive domains for typosquatters to target are financial institutions or organizations that sell medicine.2 As per Cybercrime Magazine's data feed file for February 17, 2020, seven more newly registered domains with the keyword "coronavirus" were revealed as below:

  • coronavirus-insurance.com
  • com
  • world
  • earth
  • com
  • com
  • com


The National Intellectual Property Rights Coordination Center, (an investigative arm of the U.S. Department of Homeland Security) has removed 30 websites and seized 74 web domains in connection with fraud related to the Covid-19 pandemic.3 As per an investigation by the U.S. Department of Homeland Security, a sham website was offering doses of Moderna's Covid-19 vaccine for $30 each and claimed that consumers may be able to buy a Covid-19 vaccine ahead of time. Other fake websites posing as Pfizer Inc. and BioNTech SE have also popped up prompting U.S. Homeland Security to analyse almost 80,000 Covid-19 domain names as of February, 2021.4

The United States, Mexico and other countries have seized and taken down dozens of websites fraudulently claiming to sell shots or an affiliation with vaccine makers such as Moderna and Pfizer. The fake, company look-alike websites appeared to be seeking consumers' personal information to be used in identity-fraud schemes.5 These scam attempts also involved simple tools and everyday payment methods, often luring unsuspecting consumers through paid advertisements and search algorithms on search engines such as Google. One such instance is the fraud website at www.coronavirusmedicalkit.com which claimed to sell vaccines for COVID-19 by way of DIY vaccines kits containing a non-existent vaccine and instructing consumers to administer it with water. The website carried photographs of the purported medical kit along with a Fedex form asking for the customers' credit card information. The website was then shut down by the U.S. Department of Justice6.

Another growing trend is mimicking companies manufacturing leading COVID-19 vaccines with the aim to collect personal information of consumers to carry out phishing attacks. For instance, a fake website under the name www.regeneronmedicals.com claimed to be linked to Regeneron Pharmaceutics Inc., (the biotechnology company that provided the vaccine used on former President Trump). Another fake website at www.mordernatx.com had the look and feel of Moderna Inc's actual website, www.modernatx.com.7


CovaXin is primarily developed by Bharat Biotech & ICMR and is widely used in countries such as India, Nepal, Iran, Mauritius, Mexico etc. Information about this vaccine is available at https://www.bharatbiotech.com/covaxin.html. However, possible unauthentic domains appear to have cropped up in this regard:

  • (in): A suspicious .IN TLD under the name (CovaXin.in) appears to be registered by an entity in Bihar. No content as of yet is being hosted therein.
  • ( com): This domain, registered in March 2020 by an entity in Karachi, resolves to a parked page.

Covishield manufactured by the Serum Institute of India and jointly developed by Oxford University and AstraZeneca is the cheapest vaccine in the world. Further information about this vaccine is available at https://www.seruminstitute.com/product_covishield.php. A possible fraudulent domain name registration in this regard appears to be available at:

  • (co.in): Registered in July 2020 by a third party in India, no content appears to be hosted on the website for this domain as of yet.

CoronaVac, also known as the Sinovac COVID-19 vaccine, is a vaccine developed by the Chinese company Sinovac Biotech. Some possible fraudulent domain name registrations in this regard have been listed below:

  • (com): This domain was created on September 2020 and currently resolves to a parked page. Notably, this domain is listed for sale.
  • (in)- This domain appears to be registered by an entity located in Uttar Pradesh dated December 2020. The domain resolves to a parked page.


Such unauthentic domains/websites indulging in illegal and fraudulent activities are aimed at deceiving the general public in order to derive undue monetary gains. Not only are these cyber squatters thriving on the goodwill of an established brand but at the same time putting the life of consumers at risk by exploiting public fear.

Given this, the need of the hour is for health and state bodies to take some steps to mitigate the menace of fraudulent domains and hoax websites in a swift and efficient manner. Some steps in this regard include:

  1. Propagation of authentic and verified information by government bodies;
  2. Active enforcement actions by brand-owners against mala fide domain name registrations including filing take-downs and domain name complaints;
  3. Focus on quick resolution preferably within 24 hours to avoid dissemination of online misinformation.

Consumers may also take some preventive measures and exercise caution whilst perusing data relating to COVID-19 online, in the manner suggested below:

  1. Avoid online requests for personal information;
  2. Look out for spelling and grammatical mistakes
  3. Double check email addresses and link to prevent downloading malware;
  4. Report any instances of fraud or suspicious online activity;
  5. Donate only to reliable sources.


1 Case No. D2021-0094

2 https://www.csoonline.com/article/3600594/what-is-typosquatting-a-simple-but-effective-attack-technique.html

3 https://www.albawaba.com/news/fake-pfizer-covid-19-vaccine-doses-found-mexico-poland-1423719

4 https://www.wsj.com/articles/scammers-are-setting-up-fake-covid-vaccine-websites-11614374257

5 https://www.livemint.com/companies/news/pfizer-identifies-fake-covid-19-shots-abroad-as-criminals-exploit-vaccine-demand-11619024998051.html

6 https://www.deccanchronicle.com/technology/in-other-news/230320/beware-website-claiming-to-sell-coronavirus-vaccine-shut-down-by-us-a.html

7 https://www.wsj.com/articles/scammers-are-setting-up-fake-covid-vaccine-websites-11614374257

For further information please contact at S.S Rana & Co. email: info@ssrana.in or call at (+91- 11 4012 3000). Our website can be accessed at www.ssrana.in

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.