Feds Seize Websites That Impersonated Walmart

0
780

BALTIMORE – The U.S. Attorney’s Office for the District of Maryland seized fraudulent websites that contained numerous uses of the legitimate Walmart trademarked logo and appearing to mimic a legitimate Walmart website.

The fraudulent websites allegedly offer a number of drugs for sale for the experimental and unapproved treatment or prevention of COVID-19. Instead, the domains were allegedly used to collect the personal information of individuals visiting the sites in order to use their information for nefarious purposes, including fraud, phishing attacks and/or deployment of malware. Individuals visiting the sites will now see a message that the site has been seized by the federal government. These are the 12th and 13th COVID fraud related domain names seized by the Maryland U.S. Attorney’s Office and Homeland Security Investigations (HSI).

The seizures of the domain names were announced by Acting United States Attorney for the District of Maryland Jonathan F. Lenzner and Special Agent in Charge James R. Mancuso of Homeland Security Investigations Baltimore Field Office.

“When it comes to cyber fraudsters, dismantling their online platform is as good as destroying their business,” said James Mancuso, Special Agent in Charge for HSI Baltimore Field Office. “As soon as HSI identifies a malicious website we work to investigate the crime and pursue a criminal prosecution with the U.S. Attorney’s Office. By doing so we are denying these offenders the ability to commit more schemes and exploit more people.”
According to the affidavit filed in support of the seizure, the seized sites both purported to be the retail chain Walmart. One site, “http://pharmacywalmart.com,” was explicitly named to appear to be Walmart while the other, “https://stromectol-ivermectin.com,” would redirect users to “https://en.pharmacywalmart.com/buy-stromectol-usa.html.” The HSI Intellectual Property Rights Center and the HSI Cyber Crimes Center discovered the apparent website “https://stromectol-ivermectin.com” which redirected to an internal webpage of “pharmacywalmart.com.” A domain analysis conducted by HSI indicated that pharmacywalmart.com was created on November 4, 2019, from a registrant located in Russia.

The HSI Cyber Operations Officer (COO) also noted the phone number “+1-718-475-90-88” on the pharmacywalmart.com website, and while the area code for this number is New York City, the format provided does not match that of a typical United States based phone number. Pharmacywalmart.com purports to offer for sale a number of drugs, including Stromectol (Ivermectin), Aralen (Chloroquine) and Kaletra (Lopinavir and Ritonavir), for the experimental and unapproved treatment or prevention of COVID-19.

As detailed in the affidavit filed in support of the seizure, Stromectol is the brand name of Ivermectin which is a prescription medication used to treat certain parasitic infections; Aralen is a brand name for chloroquine, most commonly used for the treatment and prevention of malaria; and Kaletra is the brand name of a combination of Lopinavir and Ritonavir which are prescription medications that are approved to treat human immunodeficiency virus 1 (HIV-1). None of those drugs are an approved preventative or treatment for COVID-19. On the page offering Kaletra for sale, the subject domain name contained the following: “In 2020, after laboratory research, it was found out that Kaletra shows positive results in a blockage of a COVID-19 viral replication.” The affidavit alleges that this statement is not supported by trials or the U.S. Food and Drug Administration.

Neither domain name is authorized by Walmart to use their intellectual property or offer their products for sale. By seizing the sites, the government has prevented third parties from acquiring the names and using it to commit additional crimes, as well as prevented third parties from continuing to access the sites in their present form.

Facebook Comments