A concise, grammatically correct message seemingly coming from a well-known brand may be more persuasive than masses of incompetent spam messages that are easy to spot. But with a bit of mindfulness and a good look at the Internet address, the trick may quickly become obvious: the domain name usually does not correspond to the name of the company it attempts to pose as. A scammer may be doing this for various reasons: to spread malware, to obtain sensitive information (phishing), to collect funds posing as well-known debt collection company, or to maliciously intercept valuable online traffic to the intended website.
Reaching the registrant of a fraudulent website, however, may not be as easy as it seems since WHOIS databases of domain extensions might not have the information available, particularly if contact details of a natural person are protected via privacy protection services. The surest way to reach a registrant of a spoof internet address used for illegal activity is the path of judicial review. However, not in every situation, such a route is necessary. In the case of some domain extensions, such as .PL for example, it is possible to send a request for disclosure of registrant data directly to the domain registry. The application will then be examined on the basis of described circumstances and a decision whether or not the registrant’s address should be revealed will be made.
In the case of the .EU registry, if a registrant is a natural person and not an organization, the database will display the registrant’s e-mail address including information about the preferred language of correspondence. If that’s not enough, more contact details can be requested along with an explanation for what purpose the data is needed and how it will be used. If the registrant is an organisation or a company, all contact information is provided in the WHOIS database.
It is doubtful that domain registries will help us prosecute domain fraudsters. Registries have been established to manage the TLDs and maintain the technical infrastructure and databases required for smooth domain operations on the Internet. The scope of registries’ responsibilities and powers does not extend to controlling or interfering with the content presented on websites. In case a violation of the law takes place, the courts and law enforcement agencies are the entities authorised to examine the case and take further steps.
However, inquiries to registries do not remain unnoticed. In case of a complaint or a suspicion of a violation of law, accuracy of address data undergoes verification. Registrants are required to prove the correctness of their registration data within a period of a few weeks. In extreme cases, such a procedure may lead to a cancellation of a domain name (which then is made available again to the public on the market).
In case of suspected rights violation and domain abuse, the first contact should be your registrar. If further intervention is required it may be necessary to take legal action.
If you have questions about the security of your domain names, please do not hesitate to contact our Support Team at firstname.lastname@example.org.