Phishing domain names
A phishing domain name is a domain name that is registered to look like a legitimate domain name. Phishing domain names are used in phishing attacks, which are attempts to trick people into revealing personal information, such as passwords or credit card numbers.
Phishing domain names are often created by registering a domain name that is very similar to a legitimate domain name. For example, a phisher might register the domain name “googe.com” in an attempt to trick people into thinking it is a legitimate Google website.
Under the Registry Accreditation Agreement (RAA), domain name registrars have the responsibility to respond to complaints of domain name abuse, especially phishing domain names in a timely and reasonable manner. This includes investigating the complaint and taking appropriate and timely action, such as suspending or revoking the domain name.
What is the RAA?
The RAA is an agreement between the Internet Corporation for Assigned Names and Numbers (ICANN) and domain name registrars. The RAA sets forth the requirements that registrars must meet in order to be accredited by ICANN. There are similar agreements for ccTLD with local Registries.
One of the key requirements of the RAA is that registrars must have a policy in place for handling complaints of domain name abuse. This policy must be publicly available and provide a process for resolving complaints in a timely and fair manner.
ICANN has the power to suspend or revoke the accreditation of a registrar that fails to comply with the RAA. This can have a significant impact on the registrar’s business, as it will no longer be able to register domain names under the .com, .net, and .org top-level domains.
The RAA is an important part of the system for protecting the security and stability of the internet. By requiring registrars to have a policy in place for handling complaints of domain name abuse, ICANN helps to ensure that domain names are not used for malicious purposes.
What Responsibility do Registrars have under the RAA to address phishing Domains?
Specifically, Section 3.18 of the RAA requires registrars to:
- “Take reasonable and prompt steps to investigate and respond to complaints of abuse of domain names registered through the registrar’s services.”
- “Maintain a publicly available policy that sets forth the procedures for handling complaints of abuse of domain names registered through the registrar’s services.”
- “Provide notice to the registrant of any complaint of abuse of the registrant’s domain name and provide the registrant with an opportunity to respond to the complaint.”
In the case of phishing domain names, a registrar would be required to investigate the complaint and take appropriate action if it is found that the domain name is being used to send phishing emails. This could include suspending or revoking the domain name, or taking other steps to prevent the domain name from being used for phishing purposes.
Registrars who fail to comply with their obligations under the RAA may be subject to sanctions by ICANN. These sanctions could include fines, suspension of the registrar’s accreditation, or even revocation of the registrar’s accreditation.
Here are some tips for filing a complaint of domain name abuse with a .com registrar:
- Be sure to provide as much information as possible about the domain name that is being abused. This includes the domain name itself, the IP address of the domain name, and any other information that you may have about the abuse. An email header is the best evidence you can provide when it comes to phishing domain names, but if this isn’t available forwarding an email involved in a phishing-based attack also helps.
- Be sure to provide a clear explanation of the abuse that is taking place. This will help the registrar to investigate the complaint and take appropriate action.
- Follow up. Follow up. Follow up.
What if the Domain Name Registrar Fails to Act?
The failure of a Registrar to take action in a phishing-related complaint not only undermines the trust and confidence of consumers of a TLD but also poses significant risks to innocent Internet users who may fall victim to the fraudulent activities associated with the reported phishing attack. If the Registrar either ignores an abuse complaint, the complainant has several escalation pathways to consider:
- File a complaint with ICANN: If the registrar still does not respond to the complaint, the complainant can file a complaint with ICANN. The complaint should be filed through ICANN’s online complaint form.
- File a complaint with the ccTLD registry: If the domain name is a ccTLD domain name, the complainant can file a complaint with the relevant ccTLD registry. The complaint should be filed through the ccTLD registry’s website.
- Report the domain name to law enforcement: If the domain name is being used for illegal activity, such as phishing, the complainant can report the domain name to law enforcement. Law enforcement may be able to take action to shut down the domain name or prosecute the person or organization responsible for it.
It is important to note that the escalation process can take time. The complainant should be prepared to be patient but also persistent. Registrars should be held to account for domain name abuse as they have the responsibility to ensure that the necessary actions are taken to safeguard the interests of Internet users and maintain the credibility of the domain name ecosystem.
About brandsec
brandsec is an Australian domain name management provider that offers online brand management solutions to corporate and government organisations.
Our services include domain name management, domain name security, domain name policy development, dispute management, monitoring, and enforcement services. Additionally, brandsec offers a comprehensive online brand protection service that covers various platforms such as websites, social media, email, and online marketplaces. The service addresses issues related to counterfeiting, fakes, copyright infringement, intellectual property (IP) matters, piracy, and other intellectual protection-related issues.
