Beware Domain Registration Scams

This week in Security Levity, I want to talk about domain registration fraud. We're seeing various patterns of come-on for this type of fraud. I'm going to describe two such spam samples today.

As the name suggests, domain registration fraud is a catch-all term to describe types of fraud connected with the registration of Internet domain names. It often involves shady registrars, whose aim is to part you from your money in some deceptive way. (A registrar is a company authorized to sell domains by ICANN, or by a country's Internet domain authority.)

Spam is a useful medium for domain registration fraudsters, because every domain should publish an e-mail address for a billing contact. Despite technical efforts to prevent it, it's possible for fraudsters to automate the process and send such spam in some volume.


Here are just two ways that fraudsters abuse the system:

1. The bogus renewal

Fraudsters data-mine whois databases to find domains that will soon be up for renewal. They then send an official-looking invoice to the domain's billing contact. The hope is that the recipient won't notice that the invoice isn't from their actual domain registrar and will blindly pay it.

The fine print often notes that, by paying the invoice, you're agreeing to transfer the domain from your legitimate registrar to the fraudster. So not only are you out of pocket, but you may have also contractually locked yourself into paying that registrar for future renewals.

This fraud works best when targeted at large or badly-run organizations, where individuals are often too busy to check the details of every invoice that passes their desk.
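One way a billing team can screen a renewal invoice against the domain's own WHOIS record, as an added example that is not part of the original column. The WHOIS text and the invoice e-mail are constructed samples, and the registrar name and all domains are placeholders.

```python
from datetime import date, datetime

# Constructed WHOIS record for example.com in the usual "Key: Value" layout
# (registrar name, abuse address and dates are made up for this example).
WHOIS_RECORD = """\
Domain Name: EXAMPLE.COM
Registrar: Legit Registrar, Inc.
Registrar Abuse Contact Email: abuse@legit-registrar.example
Registry Expiry Date: 2009-09-15T04:00:00Z
"""

# Constructed "renewal invoice" of the kind the post describes: it quotes the
# public expiry date and buries a registrar transfer in the fine print.
INVOICE_EMAIL = {
    "from": "billing@domain-renewal-notices.example",
    "subject": "Domain Name Expiration Notice: EXAMPLE.COM",
    "body": (
        "Your domain EXAMPLE.COM expires on 2009-09-15. Pay $75 now to avoid "
        "loss of service. By remitting payment you authorize the transfer of "
        "EXAMPLE.COM to our registrar for continued registration services."
    ),
}

TRANSFER_PHRASES = ("transfer of", "transfer your domain", "change of registrar")

def parse_whois(text: str) -> dict:
    """Turn 'Key: Value' WHOIS lines into a dict keyed by lowercased field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def check_renewal_invoice(whois_text: str, mail: dict, today_iso: str) -> list[str]:
    """Return the reasons an invoice matches the bogus-renewal pattern (empty list = none)."""
    w = parse_whois(whois_text)
    flags = []
    # The registrar of record is the only party that should be billing you.
    registrar_domain = w.get("registrar abuse contact email", "@").split("@", 1)[1].lower()
    sender_domain = mail["from"].split("@", 1)[1].lower()
    if sender_domain != registrar_domain:
        flags.append(f"sender {sender_domain} is not the registrar of record ({w.get('registrar')})")
    if any(p in mail["body"].lower() for p in TRANSFER_PHRASES):
        flags.append("fine print authorizes a registrar transfer")
    # A correct expiry date proves nothing: it is public in WHOIS and easily mined.
    expiry = datetime.strptime(w["registry expiry date"], "%Y-%m-%dT%H:%M:%SZ").date()
    if 0 <= (expiry - date.fromisoformat(today_iso)).days <= 90:
        flags.append(f"timed to the public expiry date {expiry}; WHOIS makes this easy to fake")
    return flags
```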

2. The fake trademark protection offer

Trademark protection is usually important to companies. The law in many countries basically says that a brand owner needs to be seen to protect its brand, or it may lose the right to protect it in the future.

Fraudsters play on this by suggesting that, in their country, there's an organization which is trying to register a domain with your brand in that country. They play on your unfamiliarity with that country's laws and aim to get you to register the name via their registrar. They make it seem like they're doing you a favor. We frequently see this in China, for example.

Let's say you own the U.S. company, Example Inc. Your main domain is example.com and you've pre-emptively registered example.net, example.org, and example.us. You do business in some other countries, so you've registered example.ca and example.co.uk.

Then, you receive this unsolicited email message from China:

Dear Manager,
We are a professional internet consultant organization in Asia, which mainly deal with the global companies' domain name registration and internet intellectual property right protection. Currently, we have a pretty important issue needing to confirm with your company.

On the Jul. 24th, 2009, we received an application formally. One company named "Tymah Holdings Ltd" who applied for the Internet Trademark: "example" and some domain names relevant to this trademark from our organization.

After our initial examination, we found that the keywords and domain names applied for registration are as same as your company's name and trademark. We don't know whether you have any relation with them. Now we have not finished the registration of Tymah Holdings Ltd yet. If you considered these domain names and Internet Trademark are important to your company, in order to deal with this issue better, please contact us by telephone or email as soon as possible.

What would you do? On the one hand, you might wish to pay this spammer to pre-emptively register your brand as a Chinese domain: example.cn. On the other hand, you suspect that Tymah Holdings Ltd doesn't, in fact, exist!

If you reply asking the registrar not to give away those domain names, you'll be asked to buy them yourself, paid for several years up-front.

(As an aside, this type of scam might get more prevalent if ICANN implements its proposed scheme for adding many more top-level domains.)

Those are the two examples I wanted to discuss today. Perhaps you've received something similar?

I want to make this an interactive place: where I can answer questions and cover topics that you suggest. Feel free to add comments and ask Amir!


When he's not protecting his domains, Amir Lev is the CTO, President, and co-founder of Commtouch (NASDAQ:CTCH), an e-mail and Web defense technology provider.
