16 May 2023
In Australia, the .com.au domain name is the preferred choice for businesses. It is trusted by brands and consumers alike and is well-regulated by Australia's governing body, auDA. However, bad actors can exploit the .com.au allocation policy by registering domain names using the details of established Australian businesses.
Brandsec has identified several instances where prominent brands' details were misused in domain name registrations unrelated to them. Fortunately, we were able to swiftly facilitate the cancellation of these domain names with the assistance of auDA. Nevertheless, we believe that this issue warrants a blog post, urging brands to incorporate it into their domain name security policy.
The Domain Name Registrant
A domain name Registrant is an individual or organisation that has registered a specific domain name with a domain name Registrar. The Registrant holds the licence for the domain name (in the .au space a domain name is licensed rather than owned) and has the authority to use, manage, and control the associated website and email services. The Registrant provides their contact information, including name, address, email address, and phone number, to the Registrar during the registration process. This information is then recorded in the WHOIS database, a publicly accessible directory of domain name Registrants; in the .au space the WHOIS record also carries the eligibility details supplied at registration, such as the registrant's ABN.
What is Registrant Impersonation?
Registrant Impersonation refers to the practice of using someone else’s business information, such as their company information and ABN, to register a domain name, often with the intention of impersonating that company and creating an illusion of legitimacy. Malicious actors employ this technique to deceive users into believing they are accessing a reliable website when, in reality, they are being directed to a fraudulent or malicious site.
Registrant Impersonation can be relatively easy to execute. The perpetrator simply needs to look up a company name and its current ABN, both of which are public. With this information, they can proceed to register a .com.au domain name, even without any legitimate affiliation to the company whose details they are exploiting. Although such actions violate the .au allocation policy, Registrars typically only validate that the ABN is current; they generally do not verify that the person lodging the application actually controls that business or is authorised to register on its behalf.
The misappropriation of business information for malicious domain name registration can have serious consequences, as it creates an illusion of authority for the domain name. This can facilitate various illicit activities, such as phishing emails, fraudulent websites, counterfeiting sites, and more. Since the entity responsible for a domain name is theoretically accountable for its content and activities, organisations may find themselves unwittingly entangled in legal investigations and proceedings.
How to Combat Registrant Impersonation?
To combat Registrant Impersonation, brands can take several steps:
Monitor: Firstly, they should monitor their brand name and related keywords to detect any unauthorized registrations of domain names that could be used for phishing or other malicious activities. A good domain name monitoring tool will discover identical and confusingly similar domain name registrations in many domain name spaces and record Registrant information where available, such as in the .au space.
Defensive Registrations: Secondly, businesses should register their brands in key markets as well as misspellings that could be used to trick customers.
.AU Audit: Finally, businesses can request an audit of their brands in the .au space. auDA, the regulatory body for .au domain names, facilitates this service by providing a comprehensive list of domain names registered within all .au domain name spaces, including .com.au, .net.au, and others. In the event that unrelated domain name registrations are discovered, organisations can submit a request to auDA to cancel any fraudulent domain names.
To obtain an audit, organisations need to follow a specific procedure, which typically involves the following steps:
- Submit a formal request to auDA expressing the intention to conduct a .AU Audit for their brands in the .au space.
- Provide the necessary details, including the names and relevant information about the brands associated with the audit, the organisation's ABN, and a key contact.
- Collaborate with auDA by providing any additional information or documentation required for the audit, such as a business registration certificate.
- Once the audit is complete, auDA will deliver a comprehensive report listing all domain names registered in the .au space that pertain to the specified brands.
- Based on the findings, organisations can identify any unrelated or unauthorised domain names and submit a cancellation request to auDA to have those domain names invalidated.
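The monitoring step and the audit report both come down to the same triage: take a list of .au registrant records, compare each against the brand's own details and its inventory of legitimately held domains, and pull out the ones that reuse the brand's ABN or registrant name on a domain the brand does not hold. The script below is an added example of that triage and is not Brandsec's or auDA's code. The brand name, ABN, inventory and registrant records are constructed sample data (the audit report format auDA delivers is not specified on this page, so the record layout here is an assumption); it also checks the brand's ABN against the public ABN check-digit rule before running, since a mistyped ABN would silently match nothing.

```python
"""Triage of .au registrant records against a brand's own details.

Added example, not Brandsec's or auDA's code. Categories:
  owned          - domain is in the brand's inventory
  impersonation  - brand's ABN or registrant name on a domain it does not hold
  lookalike      - confusingly similar label registered under someone else's details
  unrelated      - everything else
All brand details and records below are constructed sample data.
"""
import re
from dataclasses import dataclass

# Longer suffixes first so 'example.com.au' is not cut at the bare '.au'.
AU_SUFFIXES = (".com.au", ".net.au", ".org.au", ".id.au", ".asn.au", ".au")
# Public ABN check-digit weights: subtract 1 from the first digit, weight the
# 11 digits, and the weighted sum must be divisible by 89.
ABN_WEIGHTS = (10, 1, 3, 5, 7, 9, 11, 13, 15, 17, 19)


@dataclass(frozen=True)
class RegistrantRecord:
    domain: str
    registrant_name: str
    abn: str  # as recorded in WHOIS or an audit report; may contain spaces


def normalise_abn(abn: str) -> str:
    """Digits only, so '51 824 753 556' and '51824753556' compare equal."""
    return re.sub(r"\D", "", abn)


def abn_checksum_ok(abn: str) -> bool:
    digits = normalise_abn(abn)
    if len(digits) != 11:
        return False
    values = [int(d) for d in digits]
    values[0] -= 1
    return sum(v * w for v, w in zip(values, ABN_WEIGHTS)) % 89 == 0


def normalise_name(name: str) -> str:
    return re.sub(r"\s+", " ", name.strip().lower())


def sld_label(domain: str) -> str:
    """'Acme-Widgets-Login.com.au' -> 'acmewidgetslogin' (lowercase, no hyphens)."""
    d = domain.lower().rstrip(".")
    for suffix in AU_SUFFIXES:
        if d.endswith(suffix):
            d = d[: -len(suffix)]
            break
    return d.replace("-", "")


def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(label: str, brand_labels: set, max_distance: int = 2) -> bool:
    """Brand label embedded in the name, or within a couple of typos of it."""
    return any(b in label or levenshtein(label, b) <= max_distance for b in brand_labels)


def classify(rec: RegistrantRecord, brand_name: str, brand_abn: str,
             inventory: set, brand_labels: set) -> str:
    domain = rec.domain.lower()
    if domain in inventory:
        return "owned"
    same_abn = normalise_abn(rec.abn) == normalise_abn(brand_abn)
    same_name = normalise_name(rec.registrant_name) == normalise_name(brand_name)
    if same_abn or same_name:
        return "impersonation"
    if is_lookalike(sld_label(domain), brand_labels):
        return "lookalike"
    return "unrelated"


def audit(records, brand_name: str, brand_abn: str, inventory) -> dict:
    if not abn_checksum_ok(brand_abn):
        raise ValueError(f"brand ABN fails check-digit rule: {brand_abn!r}")
    inv = {d.lower() for d in inventory}
    brand_labels = {sld_label(d) for d in inv}
    result = {"owned": [], "impersonation": [], "lookalike": [], "unrelated": []}
    for rec in records:
        result[classify(rec, brand_name, brand_abn, inv, brand_labels)].append(rec.domain)
    return result


# Constructed sample brand (hypothetical company; ABN is a check-digit-valid example value).
BRAND_NAME = "Acme Widgets Pty Ltd"
BRAND_ABN = "51 824 753 556"
BRAND_INVENTORY = {"acmewidgets.com.au", "acmewidgets.net.au"}

# Constructed sample records, as a monitoring feed or audit report might list them.
SAMPLE_RECORDS = [
    RegistrantRecord("acmewidgets.com.au", "Acme Widgets Pty Ltd", "51 824 753 556"),
    RegistrantRecord("acmewidgets-support.com.au", "Acme Widgets Pty Ltd", "51824753556"),
    RegistrantRecord("acme-widgets-login.com.au", "ACME WIDGETS PTY LTD", "12 345 678 901"),
    RegistrantRecord("acmewidgts.com.au", "Unrelated Holdings Pty Ltd", "98 765 432 109"),
    RegistrantRecord("acmeplumbing.com.au", "Acme Plumbing Pty Ltd", "11 222 333 444"),
]

if __name__ == "__main__":
    for category, domains in audit(SAMPLE_RECORDS, BRAND_NAME, BRAND_ABN, BRAND_INVENTORY).items():
        print(f"{category:14s} {', '.join(domains) or '-'}")
```

The "impersonation" bucket is the one to hand to auDA with a cancellation request, since those registrations carry the brand's own details; the "lookalike" bucket is ordinary typosquatting and goes down the monitoring and dispute path instead. The record layout and the two-edit lookalike threshold are assumptions for the example, not part of any auDA process.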
An annual review of the .au space is the minimum needed to proactively identify and address potential brand infringements; quarterly reviews are preferable, as they shorten the window in which an impersonating registration can be used before it is detected and cancelled.
By following these steps, businesses can engage in the .AU Audit process and work towards maintaining the integrity and protection of their brands within the .au domain space.
Registrant Impersonation is a serious issue that can have significant consequences for businesses and their customers. By monitoring their brand name, registering misspellings, and conducting periodic audits, businesses can take proactive steps to protect themselves from Registrant Impersonation.
Brandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand, and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS and SSL management, domain name brokerage and dispute management, and brand security consultation services.