Cyber Criminals In The .AU Space

My article on Thursday entitled “Well Done auDA!” unearthed more discoveries about a certain type of cyber-criminal activity in the .au space. It was just the tip of the proverbial iceberg.

The essence of the problem is this:

♦  Scammers use someone else’s identity and ABN to buy .au domain names that have just expired.

♦  Sometimes they bid on the expired auctions with fake accounts; but mostly they purchase domains after the auction (domains that haven’t been picked up by legitimate Aussie buyers). Their preferred registrar seems to be Public Domain Registry (I’m not linking to them on purpose).

♦  These scammers then immediately put up fake ecommerce websites selling shoes, sunglasses or clothes. They obviously make money out of these activities from innocent Australian consumers – if they didn’t, they wouldn’t do it.

♦  auDA is very much aware of these scammers, and now have an acronym for them – UBU’s (Unauthorised Business Use).

The Scale Of The Problem Is Enormous

Thanks to some well-informed and well-meaning cyber-sleuths, auDA is now aware of at least another 7000 + domains that are UBU’s. That is not a misprint either! A plain text file was forwarded to me late Thursday (which I have forwarded to auDA).

Once again, to auDA’s credit, they are taking this extremely seriously – as you would hope and expect of a regulator.

As auDA says in this short video clip from their website, consumers are supposed to have confidence in the .au space. A domain name is supposed to do “what it says on the box”.

Two Examples From The List Of 7000+

I picked two at random. 1300accommodation.com.au and prestonschoolofmusic.com.au.

These certainly don’t do what it says on the box!

Action Stations auDA

♦  These sites need to be suspended or shut down immediately you become aware of them.

♦  To delay just 7 days means that the scammers would have probably more than covered their registration cost e.g. sale of one pair of shoes or sunglasses.

♦  Look at the common denominators – Public Domain Registry; Tucows, nameservers of ns1.alidns.com, and suspect email addresses – @163.com seems very popular for these scammers.

Ned O’Meara – 22nd May 2017

7 thoughts on “Cyber Criminals In The .AU Space

  • Avatar
    May 22, 2017 at 9:37 am
    Permalink

    Now that they are aware of the problem don’t they become liable?

    Like
    3 people like this.
    • Ned O'Meara
      May 22, 2017 at 12:02 pm
      Permalink

      @David – that is actually a very good question! I don’t know the answer – perhaps we could ask Erhan Karabardak’s view? After all, he is a lawyer and auDA Director.

      Like
      5 people like this.
    • Avatar
      May 23, 2017 at 6:50 pm
      Permalink

      Very good question.9

      Like
      Anonymous likes this.
  • Avatar
    May 22, 2017 at 10:41 am
    Permalink

    Perhaps this will produce the next 3 million domains?

    Like
    5 people like this.
    • Ned O'Meara
      May 22, 2017 at 12:04 pm
      Permalink

      These are just recycled domains – so no real “growth” Snoopy.

      However, every time auDA deletes them, they appear on the drops again, and AusRegistry, auDA and the registrar get another “feed”. Ad infinitum.

      Like
      3 people like this.
    • Avatar
      May 23, 2017 at 6:51 pm
      Permalink

      Double dipping.

      Like
      2 people like this.
      • Ned O'Meara
        May 23, 2017 at 6:54 pm
        Permalink

        Sometimes it’s double dipping to the power of ??????

        Like
        2 people like this.

Comments are closed.