Nominet has suspended over 180 .uk domain names related to the current Covid-19/Coronavirus pandemic with a blend of manual and automated checking processes that has helped the .uk registry to identify, at the point of registration, which new domains are likely to be used for phishing.
When a domain is identified as suspicious – based on algorithm and then a manual check – are suspended until, as Eleanor Bradley, MD Registry Solutions and Public Benefit at Nominet explained in a blog post last week, the registry sees evidence of good intentions from the registrants. As a result, a small proportion responded to their satisfaction and had their domain names reactivated.
It’s highly likely that those who did not respond were intending to use their domains to manipulate a public in need of information. With Nominet preventing these domains from entering the registry is a priority to ensure users of our national namespace are kept as safe as possible.
Not all domain names relating to the current pandemic are registered for malicious purposes with Nominet acknowledging some are for legitimate reasons including pharmaceutical trials, topical blogs or community groups offering support.
But it’s not only at the point of registration that the .uk country code top-level domain (ccTLD) registry is picking up potentially malicious registrations. Nominet is also always working collaboratively with UK law enforcement to ensure they can monitor domains that have already been registered for any criminal activity. In this way, they have identified a list of over 300 domains that are using the terms ‘covid-19’ or ‘coronavirus’ in their domain name which, as is usual practice, Nominet has shared with the appropriate regulatory authority for guidance. It should be noted that some of these will be innocent, as ‘corona’ appears in other words such as coronation – or Corona beer – and so some unrelated websites will inevitably be collected in their searches, which will not be acted upon.