Last week we were alerted to the existence of a number of websites maliciously posing as Australian online retailers in order to defraud unsuspecting shoppers out of thousands of dollars through the sale of non-existent mobile phones or other gadgets.
The con artists behind this scam set up websites by registering .com.au domain names using the stolen credentials of legitimate businesses.
Following an investigation by the Western Australia Department of Commerce and .au Domain Administration, the websites were taken down.
However, the damage had already been done and the trust built up in the .com.au domain name took a serious dent.
As the appointed technology operator for the Registry which runs .com.au, we were disappointed that this scam was able to occur. I understand the frustration the victims of this crime must feel and appreciate their desire to strengthen the regulations around website ownership.
The reason this issue cuts deep for me is that these scammers have exploited the trust we have worked so hard to build over so many years.
Why people trust .com.au
It’s likely that the con artists involved in this scam strategically chose to use .com.au domain names to perpetrate their crimes.
They – like many Australians – recognised the inherent trust Australian consumers place in our national online namespace when purchasing goods over the Internet.
Locally, .com.au is Australia’s home on the Internet because it’s a trusted, regulated and well-recognised corner of the web for all Australian businesses, organisations and individuals. This means that when people navigate the Internet and see a ‘nab.com.au’ advertisement for instance, they can be confident that they will be directed to the official National Australia Bank website.
I imagine that end users would be far less trusting in this instance of a domain name that ends in something other than .au (check out where nab.com takes you!).
This speaks volumes to the effective policy and regulation of the .au namespace, the level of awareness the namespace enjoys in the Australian market, and the willingness of businesses and end users to adopt .au as their online presence.
However, scams perpetrated under the guise of a legitimate .com.au website erodes this trust and justifiably causes Australians navigating the Internet to question whether they can still trust .com.au domain names.
To this point, I want to ensure Australian Internet users can retain trust in .com.au and feel confident to navigate the Internet under it.
Maintaining the trust in .com.au
The unfortunate reality is that there will always be people seeking to exploit the trust of others – especially in the faceless realms of online shopping.
While it’s no comfort to those who were victims of the current scam, it is reassuring to know that the scam websites were taken down quickly after they were investigated. You won’t find this type of responsiveness in most other namespaces.
There have been calls to increase the regulations around registering a .com.au domain. However, there is a fine balance between over-regulating the namespace as a knee-jerk reaction to an incident and maintaining efficient and streamlined processes that encourage domain name ownership.
My feeling is that the current policies which require registrants to match domain names to a company or business entity are sufficient. While the introduction of a 100-point identification check would immediately weed out any fraudsters, it would also significantly burden the administrative process of managing registrations and would necessitate a large price increase to facilitate this new process.
By doing this, you would disadvantage many thousands of small business owners and the majority of Australian Internet users. Importantly, honest businesses will move to other namespaces in an attempt to bypass barriers and reduce costs and in turn end users navigating the Internet become desensitised about not seeing the .au at the end of a domain name.
Ultimately this would play straight into the hands of fraudsters as Australian websites hosted on other Top-Level Domains will no longer have the ability to be taken down quickly by Australian authorities and regulators.
While this incident shows the current system is not perfect, I think it does demonstrate it’s robust enough to do the job it was intended for.
Tips for shopping online safely
To reduce your chances of falling victim to online fraud, below are some helpful tips to keep in mind:
1. .com vs .com.au
The effective regulation and registration policy reforms implemented by the .au Domain Administration more than 10 years ago have helped to make .au a trusted and secure namespace for both registrants and Internet users.
This is not the case in some national country codes or generic Top-Level Domains such as .com, .net or .org. For instance, there are no pre-conditions or requirements for registering domain names in .com or .net, meaning anyone may register a name and use it for any misleading purpose. This has been known to cause significant grief to many trademark holders and Internet users.
You can have greater trust in .com.au because you know that business details have been provided when the domain name has been registered. Also, you can trust that if an incident does occur, you will have an avenue of recourse through the .au Domain Administration to resolve fraud issues.
2. WHOIS check on all .au domain names
Want to know who actually owns the .com.au domain name you are visiting?
AusRegistry hosts a directory portal called WHOIS that allows anyone to quickly search for the contact details of every .com.au domain name owner. These contact details can provide you with comfort that you are dealing with a legitimate business entity.
While performing a WHOIS search you may also notice that some domain names have a special additional security measure call .auLOCKDOWN.
.auLOCKDOWN locks a domain name at the Registry level, preventing unauthorised changes.
Importantly, if a domain name has .auLOCKDOWN applied, you know the registrant has gone to extreme levels to protect their domain name and website.
4. Online security services
Online security is becoming ever more important as cyber criminals become more sophisticated in their activities.
Below are some helpful resources and online security tips from trusted authorities:
- Infoxchange Australia (not-for-profit ICT organisation)
- Stay Smart Online (Australian federal government initiative)
- iTaNGO (Infoxchange Australia initiative funded by the Victorian government)
- SCAMwatch (Operated by the federal government’s Australian Competition and Consumer Commission)
- auDA Consumer Alerts (.au domain name consumer alerts from the regulatory body for the .au domain space)
- CERT Australia (The national computer emergency response team)
5. Mobile phone buying tips
In this particular scam, the fraudsters chose to sell mobile phones online.
The Australian Mobile Telecommunications Association – Australia’s peak body representing the mobiles industry – has produced a helpful guide with practical tips for consumers who want to purchase a mobile phone.
Please visit www.mobiletips.org.au for more information.