Nominet

Home Registrants Registrars Governance Policy Disputes/Legal News About Us Intelligence Technology Other Services

Skip All Secondary and Tertiary Navigation

Dispute Resolution Service Contract Terms Nominet Court Cases Case Law Other legal information

Home › Disputes/Legal › Other legal information › Scams and Fraud

Scams and fraud

Introduction

We get periodic complaints about various business practices relating to domain names sales and use. We are a private company with no statutory power to investigate potential scams, and we do not host websites or provide email services to other people. However where parties are misusing our name, we can act.

This page therefore provides some background information about various business practices and provides some contact details for organisations you can contact if you are concerned, but we cannot take action ourselves in most cases.

Pressure sales - "I've got a man on the other line who wants to register your domain name, but you can get it first"

Pressure selling of domain names became a problem during 2001-2003. The majority of cases were based in or around Swansea, but after concerted action by Swansea Council Trading standards, the police and Nominet the majority of these companies closed down and civil and criminal court results were obtained.

The general format of is that a telephone call is made by an organisation which either claims to be official, or has an official-sounding name (for example, the "Internet Registration Office"). The caller says that they have received requests to register a series of domain names which are similar to yours, or which contain your company name. The caller notes that their 'system' flagged up that this domain name was similar to your name and therefore they wanted to offer you the chance to prevent the third party (who is usually not named, or is given a name that is uncheckable) from registering them. Typically the victim is given a short period of time in which to register the domains, and asked to pay be credit card over the phone.

Generally, where payment was made the domain names were registered, although often not for the advertised period (e.g. a 10-year registration was made for 1 or 2 years). If payment was not made, no registrations were made.

While it is hard to prove a negative, it appears that all these third parties were fictitious, or were names of staff members of the company making the calls.

Normally these calls are made from non-geographic 0870 numbers, and there has been a trend for these operations to give false addresses or operate from overseas.

In the Domain Registrar Services case we could take action directly because of misuse of our trade marks, but in other cases we have been confined to advising the police and trading standards, and appearing as witnesses in criminal cases. We have also taken action under the terms of our Registrar Agreement (formerly the Tag-Holder's Agreement) in some cases.

"Slamming" or 'False invoice' schemes

Domain names have a limited registration period (2 years for .uk) and have to be renewed, and you can often work out from the WHOIS when this is due. In these sorts of scheme the person involved sends out paper letters which often resemble invoices. These documents are in fact one of two things: (a) an offer to register a similar-but-different domain name, or (b) an offer to renew the existing domain name but transfer it to a new registrar.

In the first case (similar-but-different domain name) the document might be headed "Automaton-example.co.uk - Act now to secure your domain" - but later on offer registration of 'automaton-example.com'.

In the second case (same name), there is usually an offer to renew the name, but simultaneously transfer it to a new registrar, possibly with some lock-in to that new registrar. This is particularly common in the .com system, where the new registrar can 'pull' a registration from the existing registrar. In the .uk system, your current registrar has to 'push' the registration to a new registar, so this technique is less effective.

This scheme relies on use of WHOIS records, and under our WHOIS terms of use it is not permitted. As far as we know we are the only registry to have taken legal action to protect its WHOIS data when it has been compromised - as happened in the UK Internet Registry and Peter Francis-Macrae cases. In both cases we went to court (in Australia and the UK), bankrupted the people involved, wound up their companies, obtained injunctions against their conduct and orders to prevent them from doing it again.

On the technical side we have a number of protections to stop our WHOIS from being used to support this kind of activity - we have split our WHOIS into WHOIS, WHOIS2 and DAC, we have developed (and continue to develop) new ways of spotting abuse, and we have worked (with other registries) to obtain changes to the specification of future technology such as DNSSEC.

Spam and Phishing Frauds

See the separate page on this which also has links to the places to which you can report these.

General advice about Internet safety and fraud prevention

For general advice, see the banking industry website about financial frauds (Bank Safe Online), the Government website about safe internet use (Get Safe Online) or the CEOP guidance for safe internet use for children (ThinkUKnow).

Reporting frauds or scams

If you think that someone is misusing our trade marks, name or WHOIS information as part of any scam, then please contact us.

If you think that the content of a website is objectionable, please see our advice on this.

If you think that you have been the victim of internet fraud, or you have an email or website that you think is fraudulent then see the Metropolitan Police Fraud Alert website for advice, or contact the trading standards department of your local council (you can also see the central trading standards website).