A Dispatch


February 16, 2005

Fraudulent Domain Registrations

When you're a spam and scam fighter, your pet peeve list is mighty long. But one that ranks up pretty high on my list is the fact that the domain name registration system seems to invite fraud on a huge scale. Does any domain registrar (outside of those responsible for .gov, .edu, and .mil) do any vetting of their applicants?

It sure doesn't seem so.

On the one hand you have domains being registered with names like "paypal" embedded within some other words and hyphens, and the registrant is not PayPal or eBay (which owns PayPal). The chances that this domain will be used for some phishing scheme are pretty high. Yet because no human looks at registration info before a domain is granted, the form can list Dogbert as the owner, and no one will know until the site is up, running, and ripping off visitors.

Speaking of phishing domains, an eBay one just came in. The real link is to a gibberish domain whose registration I checked via the widely available "whois" lookup. Here are the identity fields supplied by the registrant (email userID disguised by me in case it's a valid address; street number also disguised by me):

owner:        wfwef dfsdfsd
email:        <x>#hotmail.com
address:      <x> East 22nd Avenue
city:         36542
state:        --
postal-code:  36542
country:      US

The registrar is a Danish domain reseller for Joker.com. The phishing site is also hosted in Denmark, which leads me to think the phisher knows Danish and may be from there—and not from Gulf Shores, Alabama, where the ZIP code is located. But I don't think anyone from Denmark is named "wfwef dfsdfsd," or as I call him, "Lefty" (check your computer keyboard).

This is nothing compared to even more egregiously bogus registrations I've seen, which use all 9s for phone numbers and postal codes for example.
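
The tells described above (a keyboard-mash owner name, a ZIP code in the city field, a blank state, all-9s phone numbers and postal codes, a brand name embedded in a domain the brand does not own) can be checked mechanically at registration or triage time. The following Python is an added example, not part of the original post; the function names, the thresholds and the flag wording are assumptions chosen for illustration.

```python
import re

LEFT_HAND = set("qwertasdfgzxcvb")   # QWERTY keys under the left hand
PLACEHOLDERS = {"", "-", "--", "n/a", "none"}

def parse_whois(text):
    """Turn 'key: value' whois lines into a dict with lower-case keys."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            record[key.strip().lower()] = value.strip()
    return record

def registrant_flags(record, domain="", brands=()):
    """Return the reasons a registrant record looks bogus (empty if none)."""
    flags = []
    owner = record.get("owner", "").lower()
    letters = re.sub(r"[^a-z]", "", owner)
    vowels = sum(ch in "aeiou" for ch in letters)
    # Keyboard mashing: one hand only and almost no vowels. Requiring both
    # keeps real left-hand names such as "Fred Bates" from matching.
    if len(letters) >= 6 and set(letters) <= LEFT_HAND and vowels / len(letters) < 0.2:
        flags.append("owner looks like keyboard mashing")
    city = record.get("city", "")
    if city.isdigit():
        flags.append("city is a number")
    if record.get("country", "").upper() == "US" and record.get("state", "").lower() in PLACEHOLDERS:
        flags.append("US address without a state")
    for field in ("phone", "postal-code"):
        digits = re.sub(r"\D", "", record.get(field, ""))
        if len(digits) >= 5 and len(set(digits)) == 1:
            flags.append(field + " is one repeated digit")
    for brand in brands:
        # Brand inside a longer label, registrant not naming the brand owner.
        labels = domain.lower().split(".")[:-1]
        if any(brand in l and l != brand for l in labels) and brand not in owner:
            flags.append("brand '" + brand + "' embedded in domain")
    return flags

# The identity fields quoted in the post (already disguised by the author).
SAMPLE = """owner:        wfwef dfsdfsd
email:        <x>#hotmail.com
address:      <x> East 22nd Avenue
city:         36542
state:        --
postal-code:  36542
country:      US"""

if __name__ == "__main__":
    for reason in registrant_flags(parse_whois(SAMPLE)):
        print("FLAG:", reason)
```

Each flag is a weak signal on its own; a reviewer would hold a registration for a human look only when several fire together, as they do for the record quoted above.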

The automated registration process is so easily scammed that it makes those of us who fill out the forms honestly look like chumps. Of course the scammers don't expect the domains they register to last long—just long enough to pull off their scam and move on to the next one (this phisher's domain was registered only three days before I got the phishing message). Those of us who do the right thing want to renew our domains and perhaps build some domain-brand identity over time. We want to be contacted at renewal time.

And if you think it's easy to get phony domain registrations cancelled, think again. You can file a complaint, I mean a "Whois Data Problem Report" with the Internet Corporation for Assigned Names and Numbers (ICANN). Just don't expect resolution of the problem anytime soon. The report winds up in the hands of the registrar, who may or may not act on it. Sure, ICANN has all kinds of advisories that sound like registrars have to act relatively promptly. In truth, you'll find more teeth in a hen's beak.

Posted on February 16, 2005 at 01:37 PM