Skip to main content
May 3, 2021Baltimore, MD, United StatesCovid-19, Cyber Crimes

HSI investigation leads to seizure of 9th fraudulent website seeking to capitalize on COVID-19

The domain name falsely purported to be a biotechnology company providing vaccines associated with the WHO; registrant country listed as Russia

BALTIMORE — The U.S. Attorney’s Office for the District of Maryland has seized “freevaccinecovax.org” which purported to be the website of an actual biotechnology company developing a vaccine for the COVID-19 virus but instead was allegedly used to collect the personal information of individuals visiting the site, in order to use the information for nefarious purposes, including fraud, phishing attacks and/or deployment of malware. Individuals visiting the site will now see a message that the site has been seized by the federal government and be redirected to another site for additional information.

The seizure of the domain name was announced by Acting United States Attorney for the District of Maryland Jonathan F. Lenzner and Special Agent in Charge James R. Mancuso of Homeland Security Investigations (HSI) Baltimore Field Office.

“This is the ninth fraudulent website seeking to illegally profit from the COVID-19 pandemic that we have seized,” said Acting U.S. Attorney Jonathan F. Lenzner. “Members of the public should not provide personal information or click on links in unsolicited e-mails and should remember that the COVID-19 vaccine is not for sale. The federal government is providing the vaccine free of charge to people living in the United States. Working with our partners at HSI, we will continue to aggressively prosecute fraudsters who seek to prey on unsuspecting residents and their families.”

“It’s a scary thought but what HSI wants the public to understand is all a bad guy needs to defraud thousands of Americans in search of COVD-19 information is the ability to create a website combined with malicious intent,” said James Mancuso, Special Agent in Charge for the HSI Baltimore Field Office. “We must make an example of these perpetrators in order to deter others from committing these crimes against an unsuspecting and vulnerable internet user.”

According to the affidavit filed in support of the seizure, the HSI Intellectual Property Rights Center (“IPRC”) and the HSI Cyber Crimes Center (“C3”) discovered an apparent fraudulent website, named “freevaccinecovax.org.” A domain analysis conducted by HSI indicated the domain name was created on April 27, 2021, using an IP address located in Strasbourg. The registrant country was listed as Russia.

The HSI Cyber Operations Officer (COO) conducting domain analysis noted that the trademarked logos for Pfizer, the World Health Organization (WHO) and the United Nations High Commissioner for Refugees (UNHCR) appear on the homepage for the fraudulent site. Specifically, the fraudulent website contained a “Select your city” drop down and “Apply” and “Upload application” buttons. Upon selecting a city and clicking on “Apply” a PDF file is downloaded to your computer. This PDF file is written in Cyrillic. Once the PDF is completed, it then can be uploaded to the website by clicking on the “Upload application” button.

By seizing the site, the government has prevented third parties from acquiring the name and using it to commit additional crimes, as well as prevented third parties from continuing to access the site in its present form.

HSI launched Operation Stolen Promise in April 2020 to protect the Homeland from the increasing and evolving threat posed by COVID-19-related fraud and criminal activity. As of May 2021, the agency has seized more than $49 million in illicit proceeds; made 281 arrests; executed over 200 search warrants and analyzed more than 80,000 COVID-19 related domain names. Working with U.S. Customs and Border Protection, more than 2,100 shipments of mislabeled, fraudulent, unauthorized or prohibited COVID-19 test kits and other related items have been seized. For its role in the operation, HSI’s Cyber Crimes Center applies technological, operational, and criminal investigative expertise, products, and services to target the criminals and organizations attempting to commit cybercrimes and exploitation related to COVID-19.

HSI is a directorate of U.S. Immigration and Customs Enforcement (ICE) and the principal investigative arm of the U.S. Department of Homeland Security, responsible for investigating transnational crime and threats, specifically those criminal organizations that exploit the global infrastructure through which international trade, travel and finance move. HSI’s workforce of over 10,400 employees consists of more than 7,100 Special Agents assigned to 220 cities throughout the United States, and 80 overseas locations in 53 countries. HSI’s international presence represents DHS’s largest investigative law enforcement presence abroad and one of the largest international footprints in U.S. law enforcement.

Federal law enforcement agencies are united in our efforts to fight against COVID-19 fraud. HSI has identified tips to recognize and report COVID-19 fraud. If you believe you are a victim of a fraud or attempted fraud involving COVID-19, you may also call the National Center for Disaster Fraud Hotline at 1-866-720-5721 or for more information visit justice.gov/coronavirus.

Updated: