Cybercriminals abuse domain names that are released from registration, warn DNS Belgium

DNS Belgium logoCyberland is in turmoil once again DNS Belgium, the Belgian ccTLD manager, is advising. At the beginning of the new year, their northern neighbours, the Netherlands, north detected that quite a number of domain names of local politicians had wound up in the hands of cyber criminals.

People who surfed to the websites of some local politicians landed in all sorts  of rogue web shops set up to cheat people out of money and data. Some branches of the VVD, i.e. the People’s Party for Freedom and Democracy (the Dutch liberals), had seemingly embarked on a little business in Italian women’s sandals. The site of a local branch of the PvdA (labour party) referred surfers to a web shop of Diesel wallets.

According to the Dutch daily De Telegraaf, at issue are domain names which were initially used for legitimate purposes by the politicians concerned. As the latter did not renew them at a given moment, however, these domain names became available on the market again and could be registered by anybody.

What occurred in the Netherlands does not imply that every domain name released from registration is acquired by people with rogue intentions. But it does illustrate again that it can lead to abuse. “Cyber criminals buy domain names to set up web shops for the sole purpose of swindling people,” says Marc Noët of the internet company  Dataprovider. According to him, a web shop is the best and most widely used way to worm credit card details out of people.

Personal email addresses are usually also linked to a domain name. Whoever buys a domain name released from registration, can therefore proceed to use those e-mail addresses as well.  No more than a year ago, a great commotion was stirred, likewise in the Netherlands, when ethical hacker  Wouter Slotboom managed to register a number of expired domain names of the Dutch police and received confidential police reports in his mailbox over a year and a half as a result.

You may well have a good reason not to renew a domain name: your company has changed its name or has ceased to exist. Moreover, you might not really mind all that much at the outset that your old domain name has become available again, but serious consequences may ensue if it winds up in the hands of cyber criminals and your image and reputation take a serious hit.

Experts therefore advise to continue nonetheless to register domain names you no longer use. A little effort and a small cost can save you from all sorts of distress.