Net Cop: Crime Pays for Web`s Domain Name Vendors
October 06, 2003 12:48:41 (ET)
By Bernhard Warner, European Internet Correspondent
LONDON (Reuters) - Fraudsters and pedophiles are using lax Web site
registration policies to commit an increasingly elaborate web of cyber crime,
Britain's top cyber cop said on Monday.
In an interview on Monday with Reuters, Detective Chief Superintendent Len
Hynds, head of the UK's National Hi-Tech Crime Unit (NHTCU), called on the
legion of domain name resellers to stop the "no-questions-asked" practice of
selling Web site names.
"We need to have more confidence around domain name selling," said Hynds in a
rare interview. "How can it be that you can buy a domain name that is so similar
to your high street bank? It just doesn't seem right to me."
An increasingly popular scam hitting financial institutions and retailers is
known as "Web site spoofing" in which a fraudster acquires a Web site name that
closely resembles a bank or business's Web site.
Under one such scam, the fraudster sends e-mail messages en masse to random
Internet users telling them to visit an authentic looking Web site where they
are required to input their banking or credit card details.
In order to work, the scam requires a lot of luck and even more gullibility
on the user's part. It takes just one e-mail respondent to follow the trail to
net the fraudster a tidy gain.
In the past month, UK retail banking giants Barclays Plc and Lloyds TSB have
fallen victim to a Web site spoofing scam. The banks quickly issued statements
to customers alerting them to the scam. In the Lloyds case, police took the site
offline, the bank told Reuters on Friday.
Hynds said pedophilia rings are also setting up shop online registering Web
site domains that carry telltale names of the trade such as "Lolita" or
"That's even more difficult to defend. But people I've been speaking to say
there is no human interface with that process," Hynds said.
He added he has met with UK-based domain name registrants, to little or no
Domains are sold by companies ranging from small Internet service providers
to major corporations such as Yahoo Inc. and Verisign Inc.
The discussions have failed to ignite any policy changes, mainly because
domain name sellers have established an automated process to handle the brisk
© Copyright 2001 Reuters.