Cyber criminals abuse domain names that are released from registration

12.01.2018

Cyberland is in turmoil once again. At the beginning of the new year, our neighbours to the north detected that quite a number of domain names of local politicians had wound up in the hands of cyber criminals.

People who surfed to the websites of some local politicians landed in all sorts  of rogue web shops set up to cheat people out of money and data. Some branches of the VVD, i.e. the People’s Party for Freedom and Democracy (the Dutch liberals), had seemingly embarked on a little business in Italian women’s sandals. The site of a local branch of the PvdA (labour party) referred surfers to a web shop of Diesel wallets.

Remember to renew your domain name

According to the Dutch daily De Telegraaf, at issue are domain names which were initially  used for legitimate purposes by the politicians concerned. As the latter did not renew them at a given moment, however, these domain names became available on the market again and could be registered by anybody.

What occurred in the Netherlands does not imply that every domain name released from registration is acquired by people with rogue intentions. But it does illustrate again that it can lead to abuse. “Cyber criminals buy domain names to set up web shops for the sole purpose of swindling people,” says Marc Noët of the internet company  Dataprovider. According to him, a web shop is the best and most widely used way to worm credit card details out of people. 

Do not forget your e-mail address

Personal e-mail addresses are usually also linked to a domain name. Whoever buys a domain name released from registration, can therefore proceed to use those e-mail addresses as well.  No more than a year ago, a great commotion was stirred, likewise in the Netherlands, when ethical hacker  Wouter Slotboom managed to register a number of expired domain names of the Dutch police and received confidential police reports in his mailbox over a year and a half as a result.

You may well have a good reason not to renew a domain name: your company has changed its name or has ceased to exist. Moreover, you might not really mind all that much at the outset that your old domain name has become available again, but serious consequences may ensue if it winds up in the hands of cyber criminals and your image and reputation take a serious hit.

Experts therefore advise to continue nonetheless to register domain names you no longer use. A little effort and a small cost can save you from all sorts of distress.

Security