Does a sophisticated scam that includes using a domain name count as DNS abuse?
Yesterday, I wrote about how data suggest DNS abuse has decreased over the past few years.
A key question about all DNS abuse data is how you define it. What exactly is DNS abuse?
Reasonable people can disagree on what constitutes DNS abuse. Domains used for spam, phishing, and malware are usually included in the definition. But what about a sophisticated scam that involves using a domain that might trick people but is part of a much bigger scheme?
Last week, Future Test Inc filed a lawsuit (pdf) against the perpetrators of a sophisticated fraud.
Future Test uses the domain name FutureTest.com. The fraudsters registered FutureTestIncAZ .com to impersonate Future Test. They posted job listings on popular job boards and then interviewed candidates online.
Once they offered a fake job to the candidate, they told the candidate they needed two forms of ID to verify them for employment. They also needed banking information for direct deposit. And, in some cases, they needed a credit card.
You can imagine the damage someone can do when they have a copy of someone’s passport, driver’s license, and bank numbers.
In addition to ID and banking theft, they duped some of the people into incurring expenses in the belief they'd be reimbursed.
It’s a sophisticated scam made possible by the ease of registering a domain name similar to a company’s main domain. This often happens in accounts payable scams, where someone impersonates a company’s accounting department and demands payment.
But could they have pulled off this scam without the domain name? How many of the people noticed the domain?
To be sure, this type of scam accounts for a minuscule number of domain names compared to common types of abuse. Spammers and phishers cycle through domains as they get blocked; more sophisticated scams usually only involve a couple of domains.
Still, I wonder what role (if any) the domain ecosystem should play in trying to stop this kind of activity.