Is this scam DNS abuse?

Does a sophisticated scam that includes using a domain name count as DNS abuse?

The words "scams & domain names" on a picture of a hacker at a computer terminal

Yesterday, I wrote about how data suggest DNS abuse has decreased over the past few years.

A key question about all DNS abuse data is how you define it. What exactly is DNS abuse?

I discussed this topic with Graeme Bunton, Director of the DNS Abuse Institute, on a podcast last year.

Reasonable people can disagree on what constitutes DNS abuse. Domains used for spam, phishing, and malware are usually included in the definition. But what about a sophisticated scam that involves using a domain that might trick people but is part of a much bigger scheme?

Last week, Future Test Inc filed a lawsuit (pdf) against the perpetrators of a sophisticated fraud.

Future Test uses the domain name The fraudsters registered FutureTestIncAZ .com to impersonate Future Test. They posted job listings on popular job boards and then interviewed candidates online.

Once they offered a fake job to the candidate, they told the candidate they needed two forms of ID to verify them for employment. They also needed banking information for direct deposit. And, in some cases, they needed a credit card.

You can imagine the damage someone can do when they have a copy of someone’s passport, driver’s license, and bank numbers.

In addition to ID and banking theft, they duped some of the people into incurring expenses on the belief they’d be reimbursed.

It’s a sophisticated scam made possible by the ease of registering a domain name similar to a company’s main domain. This often happens in accounts payable scams, where someone impersonates a company’s accounting department and demands payment.

But could they have pulled off this scam without the domain name? How many of the people noticed the domain?

To be sure, this type of scam accounts for a minuscule amount of domain names compared to common types of abuse. Spammers and phishers cycle through domains as they get blocked; more sophisticated scams usually only involve a couple of domains.

Still, I wonder what role (if any) the domain ecosystem should play in trying to stop this kind of activity.

Post link: Is this scam DNS abuse?

© 2022. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Back to top button