Identity Thief Finally Nabbed!

Pulling Hair DFCAs regular readers may recall, I have written about various scammers who have used the legitimate details of Australian companies or businesses to acquire domains for their own use (at the expired domain auctions). Netfleet has been the vehicle of choice for these people.

One brazen scammer used the details of the National Australia Bank; another used the identity of a domain investor. This was covered here. The wheels of justice moved slowly, however eventually these problems were rectified, and the domains deleted.

Then there was the person that used the details of Bremco Metal Products. I wrote about that in my article “Scammers Beware!“. An identity thief using the name “Jonathan Lastly” – and the email address jlarstlyonline@gmail.com – used Bremco’s details to register 30 domains in total. This happened between the 27th December 2015, and 5th August 2016.

I’m pleased to report that after much persistent complaining to auDA and Netfleet, these domains were put into Policy Delete yesterday. A big “hat tip” to Nikki Scholes from Netfleet who took this issue very seriously. She followed through and investigated the situation thoroughly. She also communicated with the owner of Bremco to let him know that she was taking action. Well done Nikki!

Costly Exercise

By my calculations, this particular fraudster is now out of pocket around $2100 for these 30 domains. This is based on the average cost of acquisition (about $20 + GST); and $49.95 registration fee to Netfleet. Hopefully that may deter him in future.

These were the domains:

adelaide-propertyvaluers.net.au
albanyrefrigeration.com.au
alliedtrade.com.au
ascconsultants.com.au
ausconfonerrorinmedicalimaging.com.au
bayinfo.com.au
bestofwa.com.au
businessconnect.com.au
chronologic.com.au
dcimports.com.au
expressions-photo.com.au
filterqueen.com.au
health-clinic.com.au
horizonrealestate.com.au
hotheadlines.com.au
impressiveresumes.com.au
luxuryescapes.net.au
makesafesecurity.com.au
medconnect.com.au
migrating-to-australia.com.au
ncsf.com.au
netinfo.com.au
otnsw.com.au
piranhabros.com.au
realestatedatasolutions.com.au
rtkindustries.com.au
sellmyhousequickly.com.au
southwestlife.com.au
urologymeeting.com.au
valvetech.com.au

In Conclusion

If anyone sees more “suss registrations”, please let me know. We will never stop the scammers, but if we can disrupt a few along the way, that would be great!

Ned O’Meara – 2nd September 2016

32 thoughts on “Identity Thief Finally Nabbed!

  • tim
    September 2, 2016 at 12:18 pm
    Permalink

    i would have expected a more impressive list ! ones that would be easier to sell on quickly.

    when you allow people to sign up with gmail you invite disaster IMO, any domain investor surely has a domain email address. at the very least you should have to signup with a domain email but then be able to pick the “seen” email address, this gives privacy but also some form of trace back?

    tim

  • Avatar
    September 2, 2016 at 1:19 pm
    Permalink

    What happened to the money?

    Is Netfleet planning on making a double profit from their customers illegal activities by keeping all the money and then reauctioning the same names again when they get deleted?

    • Ned O'Meara
      September 2, 2016 at 2:03 pm
      Permalink

      @Paul

      Who do you suggest they give the money to?

      I don’t think NF has done anything wrong in this instance (yes, believe it or not I’m defending them !).

      They weren’t to know that any of the early acquisitions were fraudulent. I suppose it could be argued that they were put on notice back in May, and therefore they perhaps shouldn’t have taken any more bids after then. However, to be fair to Nikki, she did have to investigate to make sure that I wasn’t just complaining without foundation.

      Obviously, NF still have to bear the wholesale cost of the registrations etc.

      Maybe they could make a gesture and put it behind the bar for a domainers meetup? 🙂

       

      • Avatar
        September 2, 2016 at 2:32 pm
        Permalink

        Ned,

        They should simply reverse the transaction, that is what an ethically run business would do. It is up to Netfleet to recover the “wholesale cost” because they have worked to get the name deleted themselves.

        They are directly profiting from this. Do you think they were aware of what was going on? They have a history of allowing people to buy names (even promoting those names in emails) knowing full well that the registration would not comply with AUDA policy, they then re-auction the name getting more revenue when it drops. So when this kind of activity takes place on their site they are rewarded for it.

        https://www.dntrade.com.au/threads/utube-com-au.2984/

        http://domainbrokeraustralia.com.au/netfleet-auda-complaint-2014/

         

        • Ned O'Meara
          September 2, 2016 at 3:00 pm
          Permalink

          @Paul – I’m totally with you when it comes to NF not purposely benefiting from continuous recycling (and promotion) of Policy Delete type domains. In fact, I’ve written several articles and posts over the years about this. I hate it.

          But I don’t think this is the case in this instance.

          When you say “reverse the transaction”; wouldn’t that mean that they have to refund the scammer?

          • Avatar
            September 2, 2016 at 3:17 pm
            Permalink

            Yes Ned, they should refund it. They have no right to that money, it has been obtained via someone doing something illegal. Netfleet isn’t the police or a court, they can’t decide to penalise people for illegal activity. The problem is the double dipping, re-auctioning and keeping the money.

            Does Bremco Metal Products know that Netfleet made $2100 from the illegal activities?

             

            • Avatar
              September 2, 2016 at 3:56 pm
              Permalink

              Hi Snoopy

              My apologies for jumping into the conversation but it is important that we deal with these issues.

              Regarding rights to the money, this is a grey area. There are costs involved and at the time we believed the purchases were legitimate. The domain industry is still young and there are a few things that need ironing out. We will find a solution to these issues in due course, through discussions like this. I do not think that scammers should be reimbursed, I do however like Ned’s meetup idea.

              Any sensible company would not be interested in double dipping. Although there are short-term gains, the long term effects are costly. It’s not worth it.

              I would like to see the domain industry cleaned up. To grow the industry we should  show people that they can have confidence in it. Fraudulent activity makes the industry look dodgy and goes against what we are trying to do.

              Regarding the recycling of Policy Delete names, I have views on this too and am looking forward to having discussions about it.

              Today we identified another case where a scammer has been registering domain names. The company director has been contacted and we’re going through the process.

              I’m not sure if there is a way to avoid these registrations from happening, but we could possibly deter the scammers by identifying them early on in their game.

              If anyone sees anything fishy, please let me know and I’ll look into it (if you don’t have my email address contact me through the support email).

              Kind regards, Nikki

              • Avatar
                September 2, 2016 at 4:12 pm
                Permalink

                Hello Nikki,

                If Netfleet sees this revenue as “grey” then you can be pretty sure that any third party would see this as as “black”. Do the right thing and stop taking money from names you’ve managed to get deleted yourselves as well as names you know will get deleted when you take the money.

                The way to avoid this from happening is to identify new customers with bogus details, especially those bidding, there isn’t that many names getting bought on the drop each day so this is hardly a big job. The problem is Netfleet has no financial incentive to do that. Parking companies do this all day. The other thing would be to block names you know will be deleted.

                Regarding “Any sensible company would not be interested in double dipping.” Netfleet has been doing this for a long time.

            • Ned O'Meara
              September 2, 2016 at 4:44 pm
              Permalink

              Paul, I will disagree with you here. I don’t think identity scammers should ultimately be refunded. If that happens, what disincentive is there to stop the same activity happening time and time again? They’ll simply think that if they get caught, there is no penalty. Therefore open slather.

              Thinking about it a bit more though, I do agree with you that apart from recovering actual costs, Netfleet shouldn’t benefit from the initial scam either.

              • Avatar
                September 5, 2016 at 9:30 am
                Permalink

                I agree, I don’t think Netfleet should profit from scammers.

                Snoopy, great idea! You obviously have a solution in mind, I would like to hear it. All registrars should implement it.

              • Avatar
                September 5, 2016 at 9:54 am
                Permalink

                what disincentive is there to stop the same activity happening time and time again? They’ll simply think that if they get caught, there is no penalty. Therefore open slather.

                //////////////

                The disincentive would be all the time they spent acquiring names that they have then lost. I don’t think scammers are going to keep coming back if they lose the names.

                Here is another question. What disincentive is there for Netfleet to stop the same thing happening again? At the moment they make even more money when the names get deleted and they get to re-auction then.

                I think Netfleet would know these people are not eligible as soon as they sign up. Anyone signing up with a non australian ip address would be be suspect and I’d bet there is a whole lot of other red flags in their signup info that Netfleet couldn’t care less about (unless AUDA gets involved and blog posts get written). Comes back to Netfleet’s business practices in my view, they are the main party at fault in this in my view.  Ditto for all the other names they’ve caught that have then been policy deleted.

              • Avatar
                September 5, 2016 at 6:36 pm
                Permalink

                I am with you on this Ned.

                I think it’s important to separate Netfleet into two products when analyzing this;  Netfleet the Auction and Netfleet the Registrar.

                When you participate in the auction you warrant that you are fully aware of and compliant with auDA policies.   Once you’ve bought the domain your dealings with Netfleet Auction are over.

                If however, down the track the eligibility of the registration is called into question, Netfleet the Registrar has an obligation to follow policy, which they have done.

                • Ned O'Meara
                  September 5, 2016 at 8:10 pm
                  Permalink

                  @Cam – thanks; good to get a competing registrar’s point of view.

                • Avatar
                  September 6, 2016 at 10:09 am
                  Permalink

                  I don’t think it is as simple as “what is in the terms of service”. Netfleet are out there advertising names to people that they know will get deleted by AUDA. They are encouraging non compliant registrations for example by sending out emails promoting those names.

                  I don’t know precisely what Netfleet knew about this buyer but I find it hard to believe they thought those registrations were compliant at the time, I think they are simply taking the money and ignoring things. Hiding behind TOS while encouraging them to be broken (or ignoring it when people do) isn’t good enough.

                  Netfleet have a history of encouraging registrations that would get policy deleted, I don’t think they can simply wash their hands of this on the basis of TOS.

                  • Avatar
                    September 6, 2016 at 10:35 am
                    Permalink

                    Hi Snoopy

                    We don’t actively market the names, we list them and notify those who have signed up to be notified. This however is a separate issue and we should not confuse the two.

                    I do not feel it is necessary to defend Netfleet, we have done nothing wrong. View it as you will but the facts speak for themselves.

                • Avatar
                  September 6, 2016 at 10:17 am
                  Permalink

                  Hi Cam

                  Thank you for joining in.

                  You have summarised the issue well.

  • Avatar
    September 2, 2016 at 1:40 pm
    Permalink

    Thanks Ned! So how would one go about getting one of these names? Looks like they are still unavailable and registered under that person.

     

      • Avatar
        September 2, 2016 at 2:04 pm
        Permalink

        Perfect, thanks a lot. So after 14 days it can be just bought via Netregistry or similar, or is there a special way to buy such domains after deletion? Just don’t want to miss out on it.

        • Ned O'Meara
          September 2, 2016 at 2:18 pm
          Permalink

          I didn’t think there were any standout domains on the list! But you’ve obviously spotted something you like. 🙂

          These domains will appear on the expired auctions in about 13 days – Netfleet, Drop and Domain Shield. If no one bids on them, they will then be available for hand registration (at about 1.10pm on the day that they drop).

          • Avatar
            September 2, 2016 at 4:30 pm
            Permalink

            Great, I’ll keep my eye on Netfleet then. No clue how these auctions work, but I guess I’ll have to learn now. 🙂

            ps. your captcha is a serious challenge!

  • Avatar
    September 2, 2016 at 8:25 pm
    Permalink

    Why waste the effort to register such rubbish? Obviously a criminally minded fraudulent fool.

    • Ned O'Meara
      September 2, 2016 at 9:05 pm
      Permalink

      @Peter – according to an SEO friend of mine, they were purchased due to backlinks.

  • Avatar
    September 2, 2016 at 9:03 pm
    Permalink

    Just donate the proceeds to a worthy cause.

     

    • Avatar
      September 5, 2016 at 9:33 am
      Permalink

      Hi David

      I was thinking that exact thing this weekend. It’s the best way to make use of those funds.

  • Avatar
    September 2, 2016 at 9:20 pm
    Permalink

    I’m with you Ned. Scammers should not be rewarded.  Perhaps Netfleet could have a more thorough account approval process? Like phone authentication.

  • Scotty
    September 3, 2016 at 12:16 am
    Permalink

    Did this guy use his own credit card? If so, wouldn’t the police or AFP be involved under the proceeds of crime Act 2002 …If it were a stolen credit card then why wouldn’t netfleet refund it? I would imagine the bank would be seeking to reclaim it for their customer, surely you would see it on your transaction statement and say, what the?

     

     

    • Ned O'Meara
      September 3, 2016 at 8:09 am
      Permalink

      @Scotty – judging by the length of time this particular person was buying for, it wouldn’t have been a stolen c/c. If it was, there would have been chargebacks – and that would have guaranteed an immediate Netfleet response! 😉

      None of the domains were sold (to my knowledge), so there are no “proceeds”. The thought from more learned people than I was that they were using these domains for their backlinks etc.

      Now if the .au namespace was opened up like our Kiwi cousins, then there wouldn’t be any issue. But that’s another story isn’t it!

      • Avatar
        September 5, 2016 at 9:45 am
        Permalink

        Definitely, if it was a stolen credit card we would have known about it sooner and would have done something earlier.

        As much as I’d like to jump on my steed and fight crime in the domain name industry, I’ll leave it to auDA. This is there area. We will assist as much as possible.

        Ned, very true about NZ. Good point. I wonder if Australia will end up going the same way.

  • tim
    September 5, 2016 at 6:08 pm
    Permalink

    by NZ i take it you mean having your name next to your bid?

    donate to a charity not such a bad idea, i give it a tick

    surely all names on audas list should be programmed by auda,nf,drop and ds so they don’t show. auda managed yearsssssssssss ago to stop place names from being registered !

    send the scammer an email saying ” your refund is available for pick up at dubbo police station ” LOL

    tim

     

     

     

    • Ned O'Meara
      September 5, 2016 at 8:08 pm
      Permalink

      @Tim – by NZ, I mean open up registrations of .au domains to anyone on the planet. Just like .com; .nz; .uk.

      I know .au is supposed to be “special” and “protected”, but when anyone from overseas can make an application for an Aussie TM and then become “eligible”, it does make a mockery of the rules. Imho.

Comments are closed.