Skip to content

Rogue Internet Pharmacies Persist Through Pandemic

Rogue internet pharmacies have thrived during the pandemic, preying on unwitting customers looking to buy medication online for the first time, and drawing in buyers trying to access unapproved drugs to treat COVID-19. LegitScript has been tracking these rogue networks as they have tailored their messaging and their offerings to target new audiences.

As part of our mission to help create an internet everyone can trust, LegitScript regularly reports "rogue" internet pharmacies to the registrars that sponsor these domain names. In 2020, LegitScript issued 88 notifications comprising 3,281 domain names. This complimentary notification service helps registrars take action against illicit operators and helps prevent the public from buying potentially unsafe drugs.

 

About the Domain Name Enforcement Program

Since we began the domain name enforcement program, LegitScript has helped to stop about 80,000 rogue pharmacy websites. To shut down a domain name that is used for the illicit sale of drugs, we request that the registrar or registry suspend and lock the domain name. This is an effective way to interrupt the operation of rogue pharmacy websites because it disables the website itself and prevents it from being transferred. We may also contact other companies such as internet service providers (ISPs) or blog hosting companies to recommend that they terminate their relationships, depending on the nature of the website. Most of the companies we notify regarding rogue internet pharmacies have terms and conditions or other agreements that prohibit illicit activity on their platforms.

Common top-level domains such as .com and .net can only be registered with a registrar who is certified by the Internet Corporation for Assigned Names and Numbers (ICANN), the organization responsible for overseeing many databases related to the namespaces and numerical spaces of the internet. ICANN's 2013 Registrar Accreditation Agreement has provisions for domain names used for illegal purposes, and requires that necessary action be taken when such a domain name used is reported. According to the RAA, "unlawful activity" includes conduct that "is prohibited by applicable law and/or exploitation of Registrar's domain name resolution or registration services in furtherance of conduct involving the use of a Registered Name sponsored by Registrar that is prohibited by applicable law."

Most of the other non-ICANN-certified registrars and ISPs have their own rules regarding illicit activity performed through their services. LegitScript requests registrars and registries to shut down rogue internet pharmacies based on these rules.

 

Enforcement Challenges

Internet companies generally suspend domain names or terminate their services in response to our notifications; however, a number of them that do not. Some have ignored notifications outright; others have claimed they cannot take action unless served with a court order. As a result, many dangerous websites engaged in the illegal sales of drugs persist.

The following issues pose an ongoing challenge to the enforcement of rogue internet pharmacies:

  1. Registrars not complying with their own terms and conditions or the ICANN accreditation agreement. To date there has been little consequence for those who refuse to comply.
  2. Incomplete or redacted Whois information. Some ccLTDs such as .jp provide a Whois database, but information is incomplete. Furthermore, Europe's General Data Protection Regulation has compelled many registrars to redact Whois information.
  3. Registrars not locking the domain name. Even if a domain name is suspended, registrars who fail to lock the domain name allow it to be transferred to a new registrar and resume operations.
  4. Persistent rogue pharmacy operators. Few rogue internet pharmacy websites operate in isolation. When one domain name is locked and suspended, operators simply register new ones, and often have pre-registered domain names ready to go live with a new website.
  5. Safe-haven registrars. Although the majority of registrars quickly remove rogue internet pharmacies from their platforms, the result is that the few noncompliant registrars become safe havens for rogue internet pharmacies.

These existing problems contribute to a never-ending game of whack-a-mole with some rogue internet pharmacy networks. LegitScript continues monitoring and reporting rogue pharmacies to registrars to mitigate the problem and help to protect the public.

 

Taking Action Against Rogue Internet Pharmacies

Consumers can also take action to protect themselves. First, check the Whois information of the website to see if it is disclosed. If it is hidden, be skeptical. LegitScript believes legitimate pharmacies should be transparent in their operations. Second, look up a website to see if LegitScript has classified it as a rogue internet pharmacy, or if LegitScript has certified the website as legitimate.

 

Do you want to learn about other internet companies that intentionally harbor high-risk merchants? Download our Safe-haven ISPs FAQ to learn how internet service providers play an important role in the internet landscape as well.

 

Recent Blog Articles

This Piece of Legislation Redefined Hemp for an Entire Nation

The 2018 Farm Bill redefined the legal definition for hemp, and with that change unearthed a nationwide market for hemp-derived CBD products. Learn more about the Farm Bill, explore the current regulatory landscape for hemp and CBD products, and then download LegitScript's CBD Compliance Resource Gu...
Invest in trust and safety.

A Recent Report Recommends Investing in Trust and Safety

In the recent Trust and Safety Market Research Report published by Duco, researchers found that investment in trust and safety is increasingly important and that solutions like LegitScript's Ad Monitoring and Marketplace Monitoring can accelerate these efforts while providing a solid return on inves...
What is fraud prevention?

What Is Fraud Prevention? Here’s What You Need to Know

What do acquiring banks, sponsor banks, and/or payment processors need to know about fraud prevention? We'll cover what fraud prevention is, what payments fraud is, and how LegitScript Merchant Onboarding and Merchant Monitoring fit within your fraud risk management programs framework. Then contact...
fraud risk management

Holistic Fraud Risk Management Programs Look Like This

Taking a holistic, proactive approach to fraud risk management helps your organization mitigate risk, remain compliant, protect your customers, and avoid scrutiny from card brands and regulatory agencies. Discover how LegitScript Merchant Monitoring and Merchant Onboarding fit into your merchant ris...