Identity Thief Finally Nabbed!

Pulling Hair DFCAs regular readers may recall, I have written about various scammers who have used the legitimate details of Australian companies or businesses to acquire domains for their own use (at the expired domain auctions). Netfleet has been the vehicle of choice for these people.

One brazen scammer used the details of the National Australia Bank; another used the identity of a domain investor. This was covered here. The wheels of justice moved slowly, however eventually these problems were rectified, and the domains deleted.

Then there was the person that used the details of Bremco Metal Products. I wrote about that in my article “Scammers Beware!“. An identity thief using the name “Jonathan Lastly” – and the email address [email protected] – used Bremco’s details to register 30 domains in total. This happened between the 27th December 2015, and 5th August 2016.

I’m pleased to report that after much persistent complaining to auDA and Netfleet, these domains were put into Policy Delete yesterday. A big “hat tip” to Nikki Scholes from Netfleet who took this issue very seriously. She followed through and investigated the situation thoroughly. She also communicated with the owner of Bremco to let him know that she was taking action. Well done Nikki!

Costly Exercise

By my calculations, this particular fraudster is now out of pocket around $2100 for these 30 domains. This is based on the average cost of acquisition (about $20 + GST); and $49.95 registration fee to Netfleet. Hopefully that may deter him in future.

These were the domains:

In Conclusion

If anyone sees more “suss registrations”, please let me know. We will never stop the scammers, but if we can disrupt a few along the way, that would be great!

Ned O’Meara – 2nd September 2016

32 thoughts on “Identity Thief Finally Nabbed!

  • September 2, 2016 at 12:18 pm

    i would have expected a more impressive list ! ones that would be easier to sell on quickly.

    when you allow people to sign up with gmail you invite disaster IMO, any domain investor surely has a domain email address. at the very least you should have to signup with a domain email but then be able to pick the “seen” email address, this gives privacy but also some form of trace back?


  • September 2, 2016 at 1:19 pm

    What happened to the money?

    Is Netfleet planning on making a double profit from their customers illegal activities by keeping all the money and then reauctioning the same names again when they get deleted?

    • September 2, 2016 at 2:03 pm


      Who do you suggest they give the money to?

      I don’t think NF has done anything wrong in this instance (yes, believe it or not I’m defending them !).

      They weren’t to know that any of the early acquisitions were fraudulent. I suppose it could be argued that they were put on notice back in May, and therefore they perhaps shouldn’t have taken any more bids after then. However, to be fair to Nikki, she did have to investigate to make sure that I wasn’t just complaining without foundation.

      Obviously, NF still have to bear the wholesale cost of the registrations etc.

      Maybe they could make a gesture and put it behind the bar for a domainers meetup? 🙂


      • September 2, 2016 at 2:32 pm


        They should simply reverse the transaction, that is what an ethically run business would do. It is up to Netfleet to recover the “wholesale cost” because they have worked to get the name deleted themselves.

        They are directly profiting from this. Do you think they were aware of what was going on? They have a history of allowing people to buy names (even promoting those names in emails) knowing full well that the registration would not comply with AUDA policy, they then re-auction the name getting more revenue when it drops. So when this kind of activity takes place on their site they are rewarded for it.


        • September 2, 2016 at 3:00 pm

          @Paul – I’m totally with you when it comes to NF not purposely benefiting from continuous recycling (and promotion) of Policy Delete type domains. In fact, I’ve written several articles and posts over the years about this. I hate it.

          But I don’t think this is the case in this instance.

          When you say “reverse the transaction”; wouldn’t that mean that they have to refund the scammer?

          • September 2, 2016 at 3:17 pm

            Yes Ned, they should refund it. They have no right to that money, it has been obtained via someone doing something illegal. Netfleet isn’t the police or a court, they can’t decide to penalise people for illegal activity. The problem is the double dipping, re-auctioning and keeping the money.

            Does Bremco Metal Products know that Netfleet made $2100 from the illegal activities?


            • September 2, 2016 at 3:56 pm

              Hi Snoopy

              My apologies for jumping into the conversation but it is important that we deal with these issues.

              Regarding rights to the money, this is a grey area. There are costs involved and at the time we believed the purchases were legitimate. The domain industry is still young and there are a few things that need ironing out. We will find a solution to these issues in due course, through discussions like this. I do not think that scammers should be reimbursed, I do however like Ned’s meetup idea.

              Any sensible company would not be interested in double dipping. Although there are short-term gains, the long term effects are costly. It’s not worth it.

              I would like to see the domain industry cleaned up. To grow the industry we should  show people that they can have confidence in it. Fraudulent activity makes the industry look dodgy and goes against what we are trying to do.

              Regarding the recycling of Policy Delete names, I have views on this too and am looking forward to having discussions about it.

              Today we identified another case where a scammer has been registering domain names. The company director has been contacted and we’re going through the process.

              I’m not sure if there is a way to avoid these registrations from happening, but we could possibly deter the scammers by identifying them early on in their game.

              If anyone sees anything fishy, please let me know and I’ll look into it (if you don’t have my email address contact me through the support email).

              Kind regards, Nikki

              • September 2, 2016 at 4:12 pm

                Hello Nikki,

                If Netfleet sees this revenue as “grey” then you can be pretty sure that any third party would see this as as “black”. Do the right thing and stop taking money from names you’ve managed to get deleted yourselves as well as names you know will get deleted when you take the money.

                The way to avoid this from happening is to identify new customers with bogus details, especially those bidding, there isn’t that many names getting bought on the drop each day so this is hardly a big job. The problem is Netfleet has no financial incentive to do that. Parking companies do this all day. The other thing would be to block names you know will be deleted.

                Regarding “Any sensible company would not be interested in double dipping.” Netfleet has been doing this for a long time.

            • September 2, 2016 at 4:44 pm

              Paul, I will disagree with you here. I don’t think identity scammers should ultimately be refunded. If that happens, what disincentive is there to stop the same activity happening time and time again? They’ll simply think that if they get caught, there is no penalty. Therefore open slather.

              Thinking about it a bit more though, I do agree with you that apart from recovering actual costs, Netfleet shouldn’t benefit from the initial scam either.

              • September 5, 2016 at 9:30 am

                I agree, I don’t think Netfleet should profit from scammers.

                Snoopy, great idea! You obviously have a solution in mind, I would like to hear it. All registrars should implement it.

              • September 5, 2016 at 9:54 am

                what disincentive is there to stop the same activity happening time and time again? They’ll simply think that if they get caught, there is no penalty. Therefore open slather.


                The disincentive would be all the time they spent acquiring names that they have then lost. I don’t think scammers are going to keep coming back if they lose the names.

                Here is another question. What disincentive is there for Netfleet to stop the same thing happening again? At the moment they make even more money when the names get deleted and they get to re-auction then.

                I think Netfleet would know these people are not eligible as soon as they sign up. Anyone signing up with a non australian ip address would be be suspect and I’d bet there is a whole lot of other red flags in their signup info that Netfleet couldn’t care less about (unless AUDA gets involved and blog posts get written). Comes back to Netfleet’s business practices in my view, they are the main party at fault in this in my view.  Ditto for all the other names they’ve caught that have then been policy deleted.

              • September 5, 2016 at 6:36 pm

                I am with you on this Ned.

                I think it’s important to separate Netfleet into two products when analyzing this;  Netfleet the Auction and Netfleet the Registrar.

                When you participate in the auction you warrant that you are fully aware of and compliant with auDA policies.   Once you’ve bought the domain your dealings with Netfleet Auction are over.

                If however, down the track the eligibility of the registration is called into question, Netfleet the Registrar has an obligation to follow policy, which they have done.

                • September 5, 2016 at 8:10 pm

                  @Cam – thanks; good to get a competing registrar’s point of view.

                • September 6, 2016 at 10:09 am

                  I don’t think it is as simple as “what is in the terms of service”. Netfleet are out there advertising names to people that they know will get deleted by AUDA. They are encouraging non compliant registrations for example by sending out emails promoting those names.

                  I don’t know precisely what Netfleet knew about this buyer but I find it hard to believe they thought those registrations were compliant at the time, I think they are simply taking the money and ignoring things. Hiding behind TOS while encouraging them to be broken (or ignoring it when people do) isn’t good enough.

                  Netfleet have a history of encouraging registrations that would get policy deleted, I don’t think they can simply wash their hands of this on the basis of TOS.

                  • September 6, 2016 at 10:35 am

                    Hi Snoopy

                    We don’t actively market the names, we list them and notify those who have signed up to be notified. This however is a separate issue and we should not confuse the two.

                    I do not feel it is necessary to defend Netfleet, we have done nothing wrong. View it as you will but the facts speak for themselves.

                • September 6, 2016 at 10:17 am

                  Hi Cam

                  Thank you for joining in.

                  You have summarised the issue well.

  • September 2, 2016 at 1:40 pm

    Thanks Ned! So how would one go about getting one of these names? Looks like they are still unavailable and registered under that person.


      • September 2, 2016 at 2:04 pm

        Perfect, thanks a lot. So after 14 days it can be just bought via Netregistry or similar, or is there a special way to buy such domains after deletion? Just don’t want to miss out on it.

        • September 2, 2016 at 2:18 pm

          I didn’t think there were any standout domains on the list! But you’ve obviously spotted something you like. 🙂

          These domains will appear on the expired auctions in about 13 days – Netfleet, Drop and Domain Shield. If no one bids on them, they will then be available for hand registration (at about 1.10pm on the day that they drop).

          • September 2, 2016 at 4:30 pm

            Great, I’ll keep my eye on Netfleet then. No clue how these auctions work, but I guess I’ll have to learn now. 🙂

            ps. your captcha is a serious challenge!

  • September 2, 2016 at 8:25 pm

    Why waste the effort to register such rubbish? Obviously a criminally minded fraudulent fool.

    • September 2, 2016 at 9:05 pm

      @Peter – according to an SEO friend of mine, they were purchased due to backlinks.

  • September 2, 2016 at 9:03 pm

    Just donate the proceeds to a worthy cause.


    • September 5, 2016 at 9:33 am

      Hi David

      I was thinking that exact thing this weekend. It’s the best way to make use of those funds.

  • September 2, 2016 at 9:20 pm

    I’m with you Ned. Scammers should not be rewarded.  Perhaps Netfleet could have a more thorough account approval process? Like phone authentication.

  • September 3, 2016 at 12:16 am

    Did this guy use his own credit card? If so, wouldn’t the police or AFP be involved under the proceeds of crime Act 2002 …If it were a stolen credit card then why wouldn’t netfleet refund it? I would imagine the bank would be seeking to reclaim it for their customer, surely you would see it on your transaction statement and say, what the?



    • September 3, 2016 at 8:09 am

      @Scotty – judging by the length of time this particular person was buying for, it wouldn’t have been a stolen c/c. If it was, there would have been chargebacks – and that would have guaranteed an immediate Netfleet response! 😉

      None of the domains were sold (to my knowledge), so there are no “proceeds”. The thought from more learned people than I was that they were using these domains for their backlinks etc.

      Now if the .au namespace was opened up like our Kiwi cousins, then there wouldn’t be any issue. But that’s another story isn’t it!

      • September 5, 2016 at 9:45 am

        Definitely, if it was a stolen credit card we would have known about it sooner and would have done something earlier.

        As much as I’d like to jump on my steed and fight crime in the domain name industry, I’ll leave it to auDA. This is there area. We will assist as much as possible.

        Ned, very true about NZ. Good point. I wonder if Australia will end up going the same way.

  • September 5, 2016 at 6:08 pm

    by NZ i take it you mean having your name next to your bid?

    donate to a charity not such a bad idea, i give it a tick

    surely all names on audas list should be programmed by auda,nf,drop and ds so they don’t show. auda managed yearsssssssssss ago to stop place names from being registered !

    send the scammer an email saying ” your refund is available for pick up at dubbo police station ” LOL





    • September 5, 2016 at 8:08 pm

      @Tim – by NZ, I mean open up registrations of .au domains to anyone on the planet. Just like .com; .nz; .uk.

      I know .au is supposed to be “special” and “protected”, but when anyone from overseas can make an application for an Aussie TM and then become “eligible”, it does make a mockery of the rules. Imho.

Comments are closed.