phishing and domain provider's responsibility

Forums › IT Pro and developers › phishing and domain provider's responsibility

kingdragonfly

7003 posts

Uber Geek

#251310 18-Jun-2019 16:26

I got a phishing email with a fake ANZ banking website. I forwarded it to ANZ.

I also forwarded it to the domain provider, iwantmyname.com, who runs their office in Wellington. This was their response.

Regarding "We have notified the customer of the complaint," I assume the customer is the crooks. I only hope they removed my signature from my forwarded email.

Is the following response correct?

----------------------------------------

Hello,

Thanks for getting in touch about *********.co.nz. Unfortunately, there is not much we can do on our end regarding the content of a site under a domain name, even when registered with us.

We don't provide hosting, so no site content, email, etc. is hosted with us.

As a reseller of an ICANN accredited registrar, we are authorized to only suspend a domain name if we receive instructions by authorized parties (e.g. ICANN, domain name registries, or legal court orders). This usually only happens if a domain name infringes on the trademark or naming rights of a third party.

We have notified the customer of the complaint, and will forward any response within 48 hours.

Because the root of the issue is the site's content, rather than the domain itself, it would be advisable to address your complaint to the site's author, or to the applicable Internet Service Provider (hosting provider of the website itself, not the domain name registrar).

If you believe the content is of an illegal nature, you should contact an appropriate law enforcement agency (which will vary depending on jurisdiction), or consult an attorney for legal advice.

We often find that because domain names are inexpensive and can be registered quickly, closing the domain itself is only a temporary solution for eliminating content. The best fix here is to stop the content at the source.

If you have any other questions, let us know.
Cheers,
Cheers,

https://iwantmyname.com

1 | 2

Affiliate link

Affiliate link: NordVPN allows you to securely access the Internet, encrypt your connection and keep your browsing history private.

richms

25143 posts

Uber Geek

Trusted

Subscriber

#2260408 18-Jun-2019 16:49

Would you like a registrar being able to suspend a domain because they dont like your content on the site?

The way it works is fine. Complain to the right place about it and they may get the domain pulled.

Richard rich.ms

CYaBro

3802 posts

Uber Geek

ID Verified

Subscriber

#2260409 18-Jun-2019 16:49

More than likely the person/business that own the domain name and website don't even know about it as their site has probably been hacked.

kingdragonfly

7003 posts

Uber Geek

#2260414 18-Jun-2019 16:59

The domain name was an intentional misspelling of ANZ, so if you weren't paying attention, you could be fooled.

I'm not a ANZ customer, so it was blindingly obvious to me.

The phishing email also said It said "Dear customer", without using my name.

Given how many times corporations like Equifax get their complete customer databases hacked, I wouldn't be surprised by a phisher knowing all my details.

I know there's a bunch of system admins out there who don't patch their public internet sites, get hacked, and have malicious code inserted, but this wasn't one of them.

mattwnz

18642 posts

Uber Geek

#2260417 18-Jun-2019 17:03

Shouldn't you contact the DNC about any concerns? www.dnc.org.nz

The thing about nz domains, is the domain registrant can transfer them instantly and free at any time between different providers, so the domain provider today, may not be the provider tomorrow..

freitasm

BDFL - Memuneh
73949 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2260419 18-Jun-2019 17:05

CYaBro:

More than likely the person/business that own the domain name and website don't even know about it as their site has probably been hacked.

This is a likely scenario.

Are you happy with Geekzone? Consider subscribing or making a donation.

freitasm on Keybase | My technology disclosure

kingdragonfly

7003 posts

Uber Geek

#2260427 18-Jun-2019 17:34

mattwnz:
Shouldn't you contact the DNC about any concerns? www.dnc.org.nz

The thing about nz domains, is the domain registrant can transfer them instantly and free at any time between different providers, so the domain provider today, may not be the provider tomorrow..

When I read your post, I thought you were talking about the Democratic National Committee.

I couldn't find anything on the DNC website about phishing beyond repeated complaints by the New Zealand Bankers’ Association. Definitely couldn't find an abuse email address.

https://www.dnc.org.nz/node/1494

So besides forwarding it to the company being imitated, in this case ANZ, anything else I could do to be helpful?

perhaps Netsafe scam report???

https://report.netsafe.org.nz/hc/en-au/requests/new?ticket_form_id=360000024755

I keep imagining elderly victims getting conned.

richms

25143 posts

Uber Geek

Trusted

Subscriber

#2260428 18-Jun-2019 17:37

I'd tell cert too. They have a reporting tool which isnt _too_ annoying to use for things.

Richard rich.ms

BarTender

3409 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2260429 18-Jun-2019 17:42

Bet you anything they are hosted behind Cloudflare too, and don't bother reporting to Cloudflare's abuse as they will just forward all your details to the site and absolve themselves of any responsibility.

and

CYaBro

3802 posts

Uber Geek

ID Verified

Subscriber

#2260547 18-Jun-2019 22:12

BarTender:

Bet you anything they are hosted behind Cloudflare too, and don't bother reporting to Cloudflare's abuse as they will just forward all your details to the site and absolve themselves of any responsibility.

And so they should. They're not the internet police.

michaelmurfy

/dev/ttys0
10973 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2260551 18-Jun-2019 22:35

With Phishing, the best thing to do is ignore and forward the email (including headers) to the bank in question. ANZ have a dedicated page for this here: https://www.anz.co.nz/banking-with-anz/banking-safely/stay-up-to-date/

I know most banks have a team that both looks out for phishing scams, and also closes them down ASAP. Normally what I do if I come across one is report the phishing page to Google (https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en) then just forward it to the bank (if I can actually be bothered), delete, job done.

The problem with both domain providers, Cloudflare etc is they will forward your email to the abuse contact or account email address of the domain. This isn't too helpful as it can either target you for Spam, inform the site owners that you're onto them or even get you doxxed. This is the standard response for most infrastructure providers (I get many of these sorts of emails across my domains - most are automated). I don't advise anyone to do that.

Michael Murphy | https://murfy.nz | https://keybase.io/michaelmurfy - Referral Links: Sharesies | Electric Kiwi
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation.

bigalow

502 posts

Ultimate Geek

#2260613 19-Jun-2019 01:39

iwantmyname.com can do something its on there t/c

https://iwantmyname.com/terms

3.1 Immediate suspension or termination

d.if you have acquired a Registered Name or used any Service through fraudulent means or for any fraudulent or illegal purpose.

kingdragonfly

7003 posts

Uber Geek

#2260628 19-Jun-2019 07:07

michaelmurfy: ... report the phishing page to Google (https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en)...

I didn't know about the google page. Cheers

BarTender

3409 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2260652 19-Jun-2019 08:36

CYaBro:

BarTender:

Bet you anything they are hosted behind Cloudflare too, and don't bother reporting to Cloudflare's abuse as they will just forward all your details to the site and absolve themselves of any responsibility.

And so they should. They're not the internet police.

Any yet having an acceptable use policy and actually enforcing it is some sort of affront to the "free speech" of the internet. The terrorists and revenge porn sites fully agree with you.

and

CYaBro

3802 posts

Uber Geek

ID Verified

Subscriber

#2260958 19-Jun-2019 16:06

BarTender:

CYaBro:

BarTender:

Bet you anything they are hosted behind Cloudflare too, and don't bother reporting to Cloudflare's abuse as they will just forward all your details to the site and absolve themselves of any responsibility.

And so they should. They're not the internet police.

Any yet having an acceptable use policy and actually enforcing it is some sort of affront to the "free speech" of the internet. The terrorists and revenge porn sites fully agree with you.

There are proper channels to go through to get illegal sites taken down.

BarTender

3409 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2260967 19-Jun-2019 16:43

CYaBro:

BarTender:

CYaBro:

BarTender:

Bet you anything they are hosted behind Cloudflare too, and don't bother reporting to Cloudflare's abuse as they will just forward all your details to the site and absolve themselves of any responsibility.

And so they should. They're not the internet police.

Any yet having an acceptable use policy and actually enforcing it is some sort of affront to the "free speech" of the internet. The terrorists and revenge porn sites fully agree with you.

There are proper channels to go through to get illegal sites taken down.

Yes, and those channels via Cloudflare involve your information begin forwarded to the provider and often being doxed. What is illegal in one country may not be in another.

And again, you are in good company with the terrorists and revenge porn sites, they want free speech too and don't want Cloudflare to be the internet police.

and

1 | 2