HSI and Maryland U.S. Attorney’s Office seize 2 domain names attempting to impersonate Walmart website and purporting to sell COVID-19 treatment or prevention drugs


Originally posted on
ice.gov

BALTIMORE – The U.S. Attorney’s Office for the District of Maryland seized fraudulent websites that contained numerous uses of the legitimate Walmart trademarked logo and appearing to mimic a legitimate Walmart website.

The fraudulent websites allegedly offer a number of drugs for sale for the experimental and unapproved treatment or prevention of COVID-19. Instead, the domains were allegedly used to collect the personal information of individuals visiting the sites in order to use their information for nefarious purposes, including fraud, phishing attacks and/or deployment of malware. Individuals visiting the sites will now see a message that the site has been seized by the federal government. These are the 12th and 13th COVID fraud related domain names seized by the Maryland U.S. Attorney’s Office and Homeland Security Investigations (HSI).

The seizures of the domain names were announced by Acting United States Attorney for the District of Maryland Jonathan F. Lenzner and Special Agent in Charge James R. Mancuso of Homeland Security Investigations Baltimore Field Office.

“When it comes to cyber fraudsters, dismantling their online platform is as good as destroying their business,” said James Mancuso, Special Agent in Charge for HSI Baltimore Field Office. “As soon as HSI identifies a malicious website we work to investigate the crime and pursue a criminal prosecution with the U.S. Attorney’s Office. By doing so we are denying these offenders the ability to commit more schemes and exploit more people.”

According to the affidavit filed in support of the seizure, the seized sites both purported to be the retail chain Walmart. One site, “https://pharmacywalmart.com,” was explicitly named to appear to be Walmart while the other, “https://stromectol-ivermectin.com,” would redirect users to “https://en.pharmacywalmart.com/buy-stromectol-usa.html.” The HSI Intellectual Property Rights Center and the HSI Cyber Crimes Center discovered the apparent website “https://stromectol-ivermectin.com” which redirected to an internal webpage of “pharmacywalmart.com.” A domain analysis conducted by HSI indicated that pharmacywalmart.com was created on November 4, 2019, from a registrant located in Russia.

The HSI Cyber Operations Officer (COO) also noted the phone number “+1-718-475-90-88” on the pharmacywalmart.com website, and while the area code for this number is New York City, the format provided does not match that of a typical United States based phone number. Pharmacywalmart.com purports to offer for sale a number of drugs, including Stromectol (Ivermectin), Aralen (Chloroquine) and Kaletra (Lopinavir and Ritonavir), for the experimental and unapproved treatment or prevention of COVID-19.

As detailed in the affidavit filed in support of the seizure, Stromectol is the brand name of Ivermectin which is a prescription medication used to treat certain parasitic infections; Aralen is a brand name for chloroquine, most commonly used for the treatment and prevention of malaria; and Kaletra is the brand name of a combination of Lopinavir and Ritonavir which are prescription medications that are approved to treat human immunodeficiency virus 1 (HIV-1). None of those drugs are an approved preventative or treatment for COVID-19. On the page offering Kaletra for sale, the subject domain name contained the following: “In 2020, after laboratory research, it was found out that Kaletra shows positive results in a blockage of a COVID-19 viral replication.” The affidavit alleges that this statement is not supported by trials or the U.S. Food and Drug Administration.

Neither domain name is authorized by Walmart to use their intellectual property or offer their products for sale. By seizing the sites, the government has prevented third parties from acquiring the names and using it to commit additional crimes, as well as prevented third parties from continuing to access the sites in their present form.

HSI launched Operation Stolen Promise in April 2020 to protect the Homeland from the increasing and evolving threat posed by COVID-19-related fraud and criminal activity. As of May 2021, the agency has seized more than $49 million in illicit proceeds; made 281 arrests; executed over 200 search warrants and analyzed more than 80,000 COVID-19 related domain names. Working with U.S. Customs and Border Protection, more than 2,100 shipments of mislabeled, fraudulent, unauthorized or prohibited COVID-19 test kits and other related items have been seized. For its role in the operation, HSI’s Cyber Crimes Center applies technological, operational, and criminal investigative expertise, products and services to target the criminals and organizations attempting to commit cybercrimes and exploitation related to COVID-19.

HSI is a directorate of U.S. Immigration and Customs Enforcement (ICE) and the principal investigative arm of the U.S. Department of Homeland Security, responsible for investigating transnational crime and threats, specifically those criminal organizations that exploit the global infrastructure through which international trade, travel and finance move. HSI’s workforce of over 10,400 employees consists of more than 7,100 Special Agents assigned to 220 cities throughout the United States, and 80 overseas locations in 53 countries. HSI’s international presence represents DHS’s largest investigative law enforcement presence abroad and one of the largest international footprints in U.S. law enforcement.

Federal law enforcement agencies are united in our efforts to fight against COVID-19 fraud. HSI has identified tips to recognize and report COVID-19 fraud. If you believe you are a victim of a fraud or attempted fraud involving COVID-19, you may also call the National Center for Disaster Fraud Hotline at 1-866-720-5721 or for more information visit justice.gov/coronavirus.