My article on Thursday entitled “Well Done auDA!” unearthed more discoveries about a certain type of cyber-criminal activity in the .au space. It was just the tip of the proverbial iceberg.
The essence of the problem is this:
♦ Scammers use someone else’s identity and ABN to buy .au domain names that have just expired.
♦ Sometimes they bid on the expired auctions with fake accounts; but mostly they purchase domains after the auction (domains that haven’t been picked up by legitimate Aussie buyers). Their preferred registrar seems to be Public Domain Registry (I’m not linking to them on purpose).
♦ These scammers then immediately put up fake ecommerce websites selling shoes, sunglasses or clothes. They obviously make money out of these activities from innocent Australian consumers – if they didn’t, they wouldn’t do it.
♦ auDA is very much aware of these scammers, and now have an acronym for them – UBU’s (Unauthorised Business Use).
The Scale Of The Problem Is Enormous
Thanks to some well-informed and well-meaning cyber-sleuths, auDA is now aware of at least another 7000 + domains that are UBU’s. That is not a misprint either! A plain text file was forwarded to me late Thursday (which I have forwarded to auDA).
Once again, to auDA’s credit, they are taking this extremely seriously – as you would hope and expect of a regulator.
As auDA says in this short video clip from their website, consumers are supposed to have confidence in the .au space. A domain name is supposed to do “what it says on the box”.
Two Examples From The List Of 7000+
I picked two at random. 1300accommodation.com.au and prestonschoolofmusic.com.au.
These certainly don’t do what it says on the box!
Action Stations auDA
♦ These sites need to be suspended or shut down immediately you become aware of them.
♦ To delay just 7 days means that the scammers would have probably more than covered their registration cost e.g. sale of one pair of shoes or sunglasses.
♦ Look at the common denominators – Public Domain Registry; Tucows, nameservers of ns1.alidns.com, and suspect email addresses – @163.com seems very popular for these scammers.
Ned O’Meara – 22nd May 2017