Domain name abuse – What you need to know
Domain name abuse is a major problem in South Africa.
It involves using domain-related tactics to impersonate popular brands and get South Africans to erroneously hand out their personal details.
In many cases, domain name abuse is also used to get victims to transfer money to the scammers under the guise of paying a company or making a banking transaction.
We asked several of South Africans most popular domain registrars why malicious actors engage in domain name abuse, how to identify these scammers, and what to do if you identify a case of domain name abuse.
Their answers are below.
ZARC
The ZARC said that malicious actors engage in domain name abuse to exploit brand trust and reach a broader audience with their fraudulent activities.
“By mimicking reputable companies, they increase the likelihood of deceiving individuals who recognize and trust these brands,” said the ZARC.
South Africans can combat domain name abuse by reporting these domain names to the appropriate registrars, authorities or cybersecurity hubs.
The ZARC also called for South Africans to advocate for stricter regulations and enforcement against domain name abuse – and this starts with educational campaigns during events like cybersecurity awareness month.
“By working together and staying informed, South Africans can significantly reduce the impact of domain name scams and create a safer online environment for everyone,” said the ZARC.
Absolute Hosting
Absolute Hosting said that fraudsters primarily abuse domain names for monetary gain.
Consumers should therefore notify the appropriate registrar about domain name abuse.
Absolute Hosting provided the following resources for reporting domain name abuse:
Register Domain SA
Register Domain SA said malicious actors abuse domain names to exploit individuals and businesses.
“This can lead to financial loss, data theft, and reputational damage,” said Register Domain SA.
It recommended that South African consumers and businesses report suspicious domains to ISPA or the relevant authorities.
South Africans can also use WHOIS Lookup to access the registrar’s contact details and report the fraudulent domain to them directly.
Register Domain SA also highlighted the importance of having a centralised reporting portal, where fraudulent domains can be flagged and sent to a dedicated cybercrime division.
Host Africa
Host Africa said that WHOIS Lookup is a great tool, as it shows you when the domain was registered.
New domains are often a red flag – especially if the alleged company has been operating for a long time.
Host Africa also recommended that South Africans analyse the website for spelling mistakes and design flaws.
Lastly, Host Africa recommends South Africans install anti-phishing software like Malwarebytes, which offers a browser guard that automatically flags malicious sites and scans for credit card skimmers.
If, based on the above, if you believe a website is fake, collect the domain’s registration details from WHOIS Lookup and submit a website takedown request from ISPA (if the registrar is an ISPA member).
Alternatively, you can report domain name abuse directly to the registrar via the abuse email found on its WHOIS details.
Domains.co.za
Domains.co.za said that malicious parties often abuse domain names for financial gain and/or data theft.
It said if you encounter an abusive for fraudulent domain, you should immediately report it to the registrar – as “any decent registrar will take some sort of action.”
Additionally, if you are concerned about your domain being stolen or transferred, ensure you lock it to prevent unauthorised changes and minimise the risk that your domain is hijacked.
Domains.co.za also recommended that you check that your domain and hosting company has strong email security protocols in place to prevent spam, phishing, spoofing, and other email-related issues.
Protocols to look out for include:
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)