Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.

Am I wasting my time with Nominet?

S

spunko2010

My UK website has been "cloned" by a Russian scammer who has registered a very similar sounding domain name to my own, and is using it to phish for people's credit card details. They claim to charge them a small amount of money via a fake credit card form, but in reality steal their card details.

I have had little success with the Russian hosting company, they are not subject to DMCA... There are two issues here: copyright (they've stolen our website and branding literally without even bothering to change it) and secondly they're operating an illegal scam by stealing credit card details.

I reported this to Nominet yesterday via the dispute system, as it's on a .co.uk domain that they're doing this, but will they bother to act?
 
When someone cloned our site, I quickly realised there's more than one way to skin a cat.

If you pm me the URL I might be able to offer better advice.

As well as reporting to Nominet, can you find the registrar concerned and ping an email to them and tell them what you've told us?
 
When someone cloned our site, I quickly realised there's more than one way to skin a cat.

If you pm me the URL I might be able to offer better advice.

As well as reporting to Nominet, can you find the registrar concerned and ping an email to them and tell them what you've told us?

The website is hosted in Russia and they don't bother with copyright issues. Maybe because it's fraud they might be interested, but I won't hold my breath. I am assuming they were chosen for a reason.

PM sent.
 
Nominet will only act if an outside agency such as Action Fraud, SFO etc request them to. Yes you are wasting your time with them on this unless you pursue a DRS and that will take months. Action Fraud are a waste of space.

Just forget it and stop trying to protect innocent people. We are in a land of super virtue signalers, you won't be rewarded for trying to help people.
 
Nominet will only act if an outside agency such as Action Fraud, SFO etc request them to. Yes you are wasting your time with them on this unless you pursue a DRS and that will take months. Action Fraud are a waste of space.

Just forget it and stop trying to protect innocent people. We are in a land of super virtue signalers, you won't be rewarded for trying to help people.

While I agree with you, I don't think you are considering this fully...

My website has been copied, it is impossible to tell apart from the scammer website. I have already had 3 people contact me asking why my "website doesnt work" (i.e. their website)... These people have had their credit card details stolen - to try to explain this to most people is impossible. I don't need the headache of people being scammed and blaming me, it's hard enough to run an online business and garner good reviews.
 
My website has been copied, it is impossible to tell apart from the scammer website. I have already had 3 people contact me asking why my "website doesnt work" (i.e. their website)... These people have had their credit card details stolen - to try to explain this to most people is impossible. I don't need the headache of people being scammed and blaming me, it's hard enough to run an online business and garner good reviews.

Look on the brightside, free links as they run around the net blaming your company. It's been happening to us (Camping site) for 6 years, there is nothing you can do apart from worrying yourself to death. 70% of our calls are from fraud victims (similar to your story), we don't even answer the phones anymore.

When the Tories launched "Action Fraud", they legalised fraud. They will listen to your complaint and file it in some soon to be lost hardrive, they don't pass it on to the Police. Nobody is going to help you, sorry but that is how it is these days. I wish I could tell you to vote for someone different, but they are all virtue signalers.

Not to mention that victims are often thick as pork. Happily typing in their card details to buy a top of the range OLED for £20.
 
Nominet will only act if an outside agency such as Action Fraud, SFO etc request them to. Yes you are wasting your time with them on this unless you pursue a DRS and that will take months. Action Fraud are a waste of space.

Just forget it and stop trying to protect innocent people. We are in a land of super virtue signalers, you won't be rewarded for trying to help people.

Having seen the site in question I think the OP has a right to be very concerned.

It's a 1:1 clone of his site phishing for card details... even if it's not the OP's fault and not his doing, it's not good for legitimate customers who may [wrongly] assume there was either a security breach or he's somehow complicit in the fraud. I wouldn't, you probably wouldn't, but if you're falling for a phishing scam in the first place you're probably not very tech savvy.

Having looked at the domain registrar for the clone site, some obscure Indian registrar, I'm not even sure how you'd proceed.

I'd be pestering Nominet non stop. In the case we had I managed to get a large domain registrar to step in, and a well known shopping platform also suspended the store in question who scraped then cloned our site 1:1.
 
You are probably wasting your time, but apparently Nominet want to do better with these things. In 2017, I was told:

Thank you for your mail.

We have no power to investigate the use of domain names, so it would be best if you report your concerns to the appropriate authority, such as your local trading standards or www.actionfraud.police.uk

I have notified the registrar, 1and1 Internet of the bad data on the registration. As an accredited registrar they are fully responsible for this. If you would like to bring your concerns to their attention as well, you can contact them via their website at www.1and1.co.uk.

If you need anything further, please do contact us on +44 (0) 1865 332244, or by email at [email protected].
Since then though, they have something called Domain Watch which should take care of things like this - https://www.nominet.uk/uk-domains/security-services/
 
You are probably wasting your time, but apparently Nominet want to do better with these things. In 2017, I was told:

Thank you for your mail.

We have no power to investigate the use of domain names, so it would be best if you report your concerns to the appropriate authority, such as your local trading standards or www.actionfraud.police.uk

I have notified the registrar, 1and1 Internet of the bad data on the registration. As an accredited registrar they are fully responsible for this. If you would like to bring your concerns to their attention as well, you can contact them via their website at www.1and1.co.uk.

If you need anything further, please do contact us on +44 (0) 1865 332244, or by email at [email protected].
Since then though, they have something called Domain Watch which should take care of things like this - https://www.nominet.uk/uk-domains/security-services/

DomainWatch is for big stuff like BarklaysBank.co.uk - HMRCTax.uk etc

You need to get an agency to request Nominet to take it down. There is a list of these agencies knocking about somewhere. Nominet won't do except through dodgy domain registrant details (6-8 weeks) or a DRS (6-8 Weeks for a summary DRS decision). The fraudsters will just pop up with a similiar names the week after it is taken down.
 
I think this is such a clear-cut case that Nominet HAVE to suspend the offending domain, pending investigation. And frankly I expect that they will. If you're willing to publish the details of your domain and the cloned site, I suggest posting the links on the Nominet forum, and members here and elsewhere should then support you and kick up a fuss until it's dealt with.

But first of all, have you phoned Nominet and spoken to them about this? It honestly sounds so blatant and contravenes their terms and conditions so clearly, they basically have to react and I think they will. If not then this becomes a big issue. This is blatant abuse of the namespace.
 
Report the site to Netcraft:
https://report.netcraft.com/report

I believe Nominet take a feed from Netcraft, and will suspend the name.

  • Security companies provide us with a live data feed of sites that have been reported as phishing sites
  • We can use this data to alert you of any domain names on your tag that are on this report
  • When you receive notification of a domain name being involved in phishing you can lock it using our investigation lock while you carry out further checks
  • You can enable the phishing feed by checking the box ‘Receive Phishing Notifications’ in your Online Services account
I'm not 100% sure, but I think Nom will alert you and allow you to lock your own names. Say one has been hacked and is involved in phishing. They won't do anything to names owned by other people.
 
Obviously don't know the full situation so conjecture on my part but if you wanted to try to force Nominets hand to do something then you could try the incorrect whois route.

i.e. Your legitimate site presumably has your trading address on it which will match your domain whois details, plus your domain will pre-date the fraudsters domain.

If the fraudster has taken a direct copy of your site with your company details still on it then if they have put spurious details in the whois record for their domain then Nominet could take action and suspend the domain because the domain whois and site contact details are clearly different as a trading company. The difficulty comes with this if they have copied your company address on the domain whois record as well. This is likely something only Nominet could check at their end after they started masking full whois records.

Just a thought anyway.
 
i.e. Your legitimate site presumably has your trading address on it which will match your domain whois details, plus your domain will pre-date the fraudsters domain.

As in a previous post, that is at least 6-8 weeks for them to act. They have to write to them, in our case Nominet had to write a letter to 50 Bath Street, London, Leeds, G17 9PL Scotland

They have to give them enough time to respond. 6-8 weeks. Then when shut down, the fraudsters start again on a similar name and you are back at square 1.

Return back to the top of this thread and repeat. :D

Best of luck, I've done all I can to stop you wasting your time but if you are intent on it then feel free

L
 
6-8 weeks isn't my experience but there you go. I'll bow out now.
 
Get them on the phone. You need to be firm with them. Present your evidence. This domain should be suspended. The registrar who governs the domain name has this ability, so contact them at first instance. Threaten them (I think I read 1&1) with Nominet or a direct DMCA to 1&1, as they are responsible for the domain name. They will soon act.
 
Nominet's Terms and Conditions for Registration of Domains, updated April 2020 states:

10. Cancelling or altering the domain name
10.1 We may cancel or put a domain name into a special status by notifying you if:
10.1.1 in our sole discretion we believe that you or your registrar have provided significantly inaccurate, not correct, unreliable or false contact details (including names), failed to keep your contact details up to date, or failed to give us those details at all;
10.1.2 in our sole discretion we believe the domain name is being used, or has a high risk of being used, in a way that is likely to endanger any part of the domain name system, other internet users (including but not limited to the distribution of viruses and malware, phishing activity or facilitating distributed denial of service attacks), or our systems and internet connections; or
10.1.3 you have broken any of the conditions (including the rules and DRS policy) and (in the case of a matter which it is possible to put right and which is not covered by condition 5.2, 10.1 or 10.2) you do not put it right within 30 days of us notifying you.
 
Thanks all. I did try the safe browsing/forgery report but they don't seem to act unless there are loads. I'll keep trying with that, and pressuring Nominet to do something.
 

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Featured Services

Sedo - it.com Premiums

IT.com

Premium Members

AucDom
UKBackorder
Be a Squirrel
Acorn Domains Merch
MariaBuy Marketplace

New Threads

Domain Forum Friends

Other domain-related communities we can recommend.

Our Mods' Businesses

Perfect
Service
Laskos
URL Shortener
*the exceptional businesses of our esteemed moderators
Top Bottom