Fraudulent domains posed as Walmart in phishing scam

US authorities have seized two domains supposedly selling unapproved drugs for the prevention or treatment of Covid-19 while falsely posing as sites run by Walmart.

The two domains – http://pharmacywalmart.com and https://stromectol-ivermectin.com – both resolved to https://en.pharmacywalmart.com/buy-stromectol-usa.html and featured unauthorized use of the Walmart logo in an attempt to lend credibility to a scam that cynically played on pandemic-related fears.

Each site purported to offer experimental or unapproved treatments for Covid-19 while in reality only existing to collect the personal details and financial information of prospective marks.

Both sites have been seized by the US federal government so any visitor that strays onto the domain will be redirected to a site offering genuine information about the coronavirus pandemic.

Russian connection

The perpetrators of the snake oil lure phishing scam remain publicly unidentified. However, an analysis showed that the en.pharmacywalmart.com domain was established through a registrant in Russia in November 2019.

Pharmacywalmart.com purported to offer for sale a number of drugs, including “Stromectol (Ivermectin), Aralen (Chloroquine) and Kaletra (Lopinavir and Ritonavir), for the experimental and unapproved treatment or prevention of Covid-19”, according to a statement by the US Department of Justice on the domain seizure action.


Read more of the latest coronavirus security news


These drugs have applications in the treatment and prevention of malaria or (in one case) the treatment of HIV, but none are approved for either the prevention or treatment for Covid-19. This runs contrary to bogus claims on the seized domain that “Kaletra shows positive results in a blockage of a Covid-19 viral replication”, for example.

“Neither domain name is authorized by Walmart to use their intellectual property or offer their products for sale,” according to US authorities. “By seizing the sites, the government has prevented third parties from acquiring the names and using it to commit additional crimes, as well as prevented third parties from continuing to access the sites in their present form.”

Website scams involving Covid-19 are rife. The two sketchy domains seized in the latest case represent the 12th and 13th such Covid fraud-related domain name seizures by the Maryland US Attorney’s Office and Homeland Security Investigations (HSI).

The problem is not just in the US, but is international. Back in March HIS and Interpol put out a joint warning that fake Covid-19 vaccines and treatments pose a ‘serious health hazard’, as previously reported by The Daily Swig.


RELATED The age of Covid-19: Lockdowns and cybersecurity, 12 months on