As news of the spread of the coronavirus (COVID-19) continues to emerge, CSC has undertaken the first in a series of studies looking at how the development of the crisis has affected online content. This first article looks at the numbers of registered domains with names containing coronavirus-related strings—“coronavirus” or “covid(-)19” (optional hyphen)—and analyzes the types of content present on the associated websites.

In our investigation, we found 6,341 domains containing the string ‘covid(-)19’, and 11,552 domains containing ‘coronavirus’¹. Many of these registered domain names include other terms, implying that the associated websites feature neutral or informational content. However, significant numbers incorporate particular keywords suggesting that they could have been registered to take advantage of people’s fears surrounding coronavirus to attract web traffic. These domains may be used to create websites associated with scams, or with the intention of generating revenue.

We further analysed this set of domains to determine² when the domains were registered. This analysis shows that of the 2,000 plus domains for which creation dates were identifiable, only 17 domains (0.8%) were registered before 2020, and 68% (1,400+ domains) were registered since the start of March—that’s just two weeks prior to the date of analysis.

N.B. We truncated the graph at three days prior to the date of analysis, as there can typically be a delay of around two to three days between the date of domain registration and its inclusion and detection in the published zone file. Accordingly, the numbers of registrations shown for (at least) the two or three days prior to analysis are likely to be underestimates.

These figures provide a striking illustration of how escalating real-world issues can produce a flurry of corresponding activity online, with an enormous increase in registrations as countries began to announce lockdown measures throughout March. We can also see spikes in the domain-registration graph associated with specific events:

• The first announcements of the emergence of coronavirus outside China in late January
• The WHO announcement of COVID-19 as the specific strain on February 11
• The start of Italy’s lockdown in late February³

What’s in a domain name?

Nearly 75% of the 2,646 domains with keywords of interest produced a live webpage response⁴. Around three-quarters of these currently don’t point to an active site, i.e., no page title, or a title suggesting that only a holding page is present. That said, even these may have been registered with a goal of monetizing the domain name, either through pay-per-click links on the site or explicitly offering the domain name for sale.

Setting aside inactive domains still leaves around 500 coronavirus-related domains featuring relevant keywords and appearing to host active websites. Thirty-two of that 500 achieve significant web traffic, attracting over 8,000 internet users daily between them. The websites resolve to a range of content, although just over a third resolve to active eCommerce sites offering face masks for sale. Others include eCommerce sites selling coronavirus testing kits or other healthcare products; sites linking to online pharmacies; sites offering global coronavirus tracking functions; and a range of other informational sites.

Why does it matter to brands?

Registering a domain and creating an associated website is quick, simple, and essentially unregulated. This provides a range of opportunities for any would-be infringer and, as our findings have shown, can pose a variety of risks for internet users. Where physical products are being sold, the items could be manufactured using sub-standard materials, or without rigorous quality checks. Consumers run the risk that products may not just be ineffective, but actually harmful. Many of the identified eCommerce sites offered products using known and trusted brand names. The risk of these being counterfeit is one reason why brand owners should pay close attention to the developing landscape, and take appropriate enforcement action to protect their customers and their reputation.

The social risks of misinformation

Where unofficial sites use the name or branding of a legitimate health organisation (e.g., CDC or WHO) to appear official or lend credibility to its content, the public is at risk of incorrect safety information or a phishing attack. Stay tuned for a post from us on COVID-19 phishing attack opportunities.

Other identified websites offer coronavirus tracking mobile apps—a risk to the public in light of reports that some coronavirus tracking apps actually host malicious content or ransomware. Look for our upcoming post on COVID-19 and fake mobile apps.

Recommendations for brand owners

As the coronavirus story continues to develop, it is advisable to monitor for third-party domain names—and material in other online areas—that may be using a brand name to lend credibility to site content or offer the sale of counterfeits. Use monitoring technology to search for brand-related appearances across a range of internet content types, and prioritize findings by the number and prominence of brand mentions, and their proximity to keywords or key phrases of particular relevance or concern. Following identification of infringing content, a rapid process of enforcement for the removal of damaging content can help to protect customers, company reputation, and revenue. Above all, throughout this developing crisis, it’s most important to take all necessary precautions—both online and offline—to be safe and stay well.