Identity Fraud And Domain Names

Illustration of an Identity Thief Hiding Behind a ComputerIn recent times, I’ve written about the scammers that are using legitimate company details of others to purchase expiring domains on the expired auction platform at Netfleet.

Netfleet, to their credit, are taking this very seriously (as they should). They have already shut down one such player; and more are in the pipeline hopefully.

However, NF can only do this retrospectively at this stage (based on being notified of issues). It seems that anyone can still sign up online for a new account – all you need is someone’s ABN; an email address; and a throwaway credit card (or heaven forbid someone else’s c/c)!

Hopefully, signup protocols can be toughened.

Why Is This An Issue?

Potential reputational damage is the big one. Imagine the following scenarios if a scammer uses a legitimate company’s details to acquire a domain, and then:

  • Creates an adult website; or
  • Offers products or services; then take the money and never deliver; or
  • Develops the domain and then flogs it to someone; gets the money, and doesn’t transfer the domain.
  • Starts spamming people; or breaching the Do Not Call Register, and complaints are made to ACMA.

Whilst any of the above have nothing to do with the company or entity whose ABN is being “borrowed”, it still takes a lot of explaining if the “proverbial” hits the fan.

A very knowledgeable person yesterday alerted me to the last bullet point issue – the potential for scammers to start spamming in someone else’s identity. This is potentially a biggie.

Here are some recent cases:

  • J & L Mainwaring Pty Ltd has paid a $21,600 infringement notice for breaches of the Spam Act, the Australian Communications and Media Authority has reported. Read article here.
  • Federal Court orders Getaway Escapes and its Director to pay penalties totalling $325,000. Read article here. Ouch!

In Conclusion

Whilst in the first instance it is up to Netfleet (or any other affected registrar) to get these scammers sorted, one of auDA’s stated roles is to protect the integrity of the .au space. Given that auDA can act quickly (and independently of any registrar), they can play a very important role in getting situations like this fixed.

Given the above, I sincerely hope that they appreciate when whistleblowers like myself make them aware of what’s happening. We should all be working together to try and fix the problem.

Ned O’Meara – 16th June 2016


Disclaimer 2


2 thoughts on “Identity Fraud And Domain Names

  • June 16, 2016 at 12:40 pm

    I might just dob in auDA for their recent “survey” to be a PIA.

  • June 16, 2016 at 12:42 pm

    PainInTheA*se – the T is silent. Especially when I stuff it up.

Comments are closed.