STATE OF NEW YORK OFFICE OF THE ATTORNEY GENERAL LETITIA JAMES ATTORNEY GENERAL DIVISION OF ECONOMIC JUSTICE BUREAU OF INTERNET AND TECHNOLOGY VIA EMAIL Nima Kelly Chief Legal Officer GoDaddy, Inc. 14455 North Hayden Road Suite 219 Scottsdale, AZ 85260 nima@godaddy.com Ms. Kelly: The Office of the New York Attorney General (NYAG) is investigating the registration and use of coronavirus-related domains for the purposes of deceptive advertising, phishing schemes and malware dissemination. These activities may violate a number of laws, including but not limited to General Business Law § 349, Executive Law § 63(12), and the Computer Fraud and Abuse Act (CFAA), as well as your terms of service for domain registration. In the course of its investigation, the NYAG has discovered that cybercriminals have been registering a significant number of domain names related to “coronavirus” in recent weeks and using those domains to conduct phishing campaigns and other attacks. See, e.g., https://arstechnica.com/information-technology/2020/03/the-internet-is-drowningin-covid-19-related-malware-and-phishing-scams/. According to one analysis from security firm Check Point, 3% of domains registered since January that mention coronavirus have been found to be actively malicious, with an additional 5% categorized as suspicious: https://blog.checkpoint.com/2020/03/05/update-coronavirus-themeddomains-50-more-likely-to-be-malicious-than-other-domains/. Compounding this issue, individuals appear to be offering for sale some of these domains, including domains such as “coronavirusgive.com” that would be potentially highly effective in a phishing attack, see https://newyork.craigslist.org/mnh/for/d/new-york-domain-forsale/7094978336.html Scammers have also been taking advantage of this pandemic to prey on people’s fears by selling false cures, see https://wjla.com/features/7-on-your-side/millions-of-misleading-claimsto-cure-or-prevent-coronavirus. The NYAG has already taken action to combat these deceptive activities, see https://ag.ny.gov/press-release/2020/attorney-general-james-orders-alex-jonesstop-selling-fake-coronavirus-treatments. While online scams tailored to major news events have 28 LIBERTY STREET, NEW YORK, NY 10005 ● PHONE (212) 416-8433 ● FAX (212) 416-8369 ● WWW.AG.NY.GOV been around for more than a decade, and there are legitimate uses of domain names with coronavirus in it, the current environment demands the highest vigilance. In light of the above, the NYAG requests that you contact us as soon as possible to discuss how GoDaddy is protecting New Yorkers and others across the country from these scams. Some of the actions we would like to discuss with you are outlined below, but we would welcome a dialogue on the most effective steps to prevent bad actors from taking advantage of the current crisis: 1. The use of automated and human review of domain name registration and traffic patterns to identify fraud; 2. Human review of complaints from the public and law enforcement about fraudulent or illegal use of coronavirus domains, including creating special channels for such complaints; 3. Revising your terms of service to reserve aggressive enforcement for the illegal use of coronavirus domains; and 4. De-registration of the domains cited in the articles identified above that were registered at GoDaddy, and any holds in place on registering new domains related to coronavirus, or similar blockers that prevent rapid registration of coronavirus-related domains. We look forward to discussing these issues with you as soon as possible. Kim A. Berger Chief Bureau of Internet and Technology New York State Office of the Attorney General 28 Liberty Street, New York NY 10005 (T) (212) 416-8456 kim.berger@ag.ny.gov http://www.ag.ny.gov/bureau/internet-bureau 2 28 LIBERTY STREET, NEW YORK, NY 10005 ● PHONE (212) 416-8433 ● FAX (212) 416-8369 ● WWW.AG.NY.GOV