Nominet Criminal Activity Suspensions of .UK Domains Drops 23% to 22,000

The number of .uk domain names suspended dropped by 23% to 22,158 according to the latest update from Nominet on .uk domains suspended for criminal activity over the 12 months to October 2020. This is around 0.22% of the 10 million .uk domains currently registered.

In response to the Covid-19 pandemic, Nominet stepped up checks on new domain registrations to mitigate against fraudulent activity related to Covid-19. To 28 October 2020, Nominet notes in the report [pdf] had placed 3,811 domains related to Covid-19 on hold at the point of registration pending further registrant checks. 1,568 of these domains subsequently passed due diligence and are now registered. Eight domains suspended for criminal activity were related to Covid-19.

Nominet suspends domains following notification from the police or other law enforcement agencies that the domain is being used for criminal activity. It also puts on hold domains at registration where criminal activity such as phishing is suspected by Nominet’s systems.

In the previous 12 months the number of .uk domains suspended following requests by law enforcement agencies was 28,937. In their report, Nominet state they now collaborate with 13 reporting organisations (up from ten in the previous year) and received requests from eight of these (five the previous year). The Police Intellectual Property Crime Unit (PIPCU), which processes and co-ordinates requests relating to IP infringements from nationwide sources, is the main reporting agency with 21,632 requests (down from 28,606), followed by the National Fraud Intelligence Bureau 266 (up from 178), the Financial Conduct Authority at 232 requests (up from 48) the Medicines and Healthcare Products Regulatory Agency at 13 (down from 31) and Trading Standards at 7 (down from 90).

The number of requests that didn’t result in a suspension was 47 – up from 16 in the previous year. Reasons for requests not resulting in suspension include the domain already being suspended due to a parallel process, the domain already being transferred on a court order, or the registrant modifying the website to become compliant following notification.

The number of suspensions that were reversed was 15 (up from five). A suspension is reversed if the offending behaviour has stopped and the enforcing agency has since confirmed that the suspension can be lifted. We have seen similar fluctuations year on year since 2014.

The report also provides an update on domains flagged under Nominet’s proscribed terms policy, introduced in May 2014. Over 1,060 newly registered domains were identified as potential breaches, but no suspensions were made, indicating a high number of false positives. Over the same period there were no suspension requests from the Internet Watch Foundation on Child Sexual Abuse Images (CSAM) on .UK domains.

For the same period, Domain Watch – Nominet’s anti-phishing initiative that suspends suspicious domains at the point of registration – saw 5,006 domains suspended, almost double the number of suspensions year on year (2,668). When identified as high risk of phishing, domains will not be usable until extra diligence is conducted to satisfy us the registration does not pose a phishing risk. If a domain is suspended, the registrant will receive an email informing them what has happened, together with the next steps required if they feel the suspension was not correctly applied. Of these, 558 (up from 274) successfully passed our additional due diligence and completed the registration process.

“New anxieties are a bounty for cyber criminals who look to take advantage of others online for their own gains, not least by exploiting the pandemic,” said Russell Haworth, Nominet’s CEO. “This year, we proactively sought to weed out coronavirus-related domains registered for criminal intent and had put on hold almost 4,000 by the end of October. With less than half passing the due diligence we require to reinstate them, it’s clearly helping keep scams at bay.”

“This work complements our ongoing collaboration with law enforcement. The overall drop in suspensions they requested is driven by fewer PIPCU referrals, which suggests that their work to stop counterfeit goods reaching .UK domains is having an effect. Criminal groups are also starting to realise .UK domains used for scams will be suspended promptly.  While that’s good news, we remain focused on playing our part to take swift action when alerted to any criminality in the namespace.”

“Our main goal is to make the UK a hostile environment for fraud, and working together with Nominet is one of the key ways we can achieve this,” said Detective Inspector Joanne Ferguson, of the City of London Police’s Cyber Prevention & Disruption Team of the National Fraud Intelligence Bureau. “Our partnership allows us to disrupt criminals by identifying domains being used in fraud and taking action to stop further people falling victim. It also allows us to prevent fraud from happening in the first place by predicting opportunities for criminals and working with Nominet to suspend domains before they are even used. A recent example of this is the work we did with Nominet around coronavirus-related fraud where we blocked the registration of unofficial domains linked to COVID-19. Protecting the public is our number one priority and we would like to thank Nominet for their continued support in helping us do this.”

Leave a Reply

Your email address will not be published. Required fields are marked *