If the price is too good to be true, well, it’s almost certain the be a fraud. But there are plenty of online shoppers who are only too willing to let the temptation of a bargain tempt them. And they often end up with counterfeit goods. And it’s a problem that many TLD managers take seriously. After all, they have a reputation to protect, for themselves and their customers with legitimate businesses using their domain names.
The problem of counterfeit goods and fraudulent websites has been growing rapidly and SWITCH, the .ch (Switzerland) ccTLD manager, has been working hard to deal with it. In 2016, SWITCH deleted around 700 .ch domain names for online shops. By August 2017, the figure had leapt past the 5,000 mark.
“Thanks to close cooperation with the authorities and improved processes, our targeted campaign allowed us to remove 4,500 fraudulent .ch online shops in August 2017 alone,” said Michael Hausding, a security expert in domain name fraud and a member of the 14-person SWITCH-CERT team of security experts.
“The fraudsters running these shops were attempting to steal money from internet users or gain access to their credit card information. By taking this approach, we are one step ahead of other domain endings, such as .com. We want internet users in Switzerland to continue to rely on a high level of security and trustworthiness of .ch web addresses.”
Internet users who visit fraudulent websites are exposed to several risks: they provide their credit card information along with email and postal addresses to criminal organisations. After making payment, they receive merchandise of inferior quality – if they receive anything at all.
To better protect internet users against threats when visiting .ch websites, the SWITCH Foundation has intensified its cooperation with the Federal Office of Police (fedpol) and other Swiss authorities, and has automated the processes for assisting the authorities. The SWITCH security experts have also created a list of five tips for secure online shopping. They are:
1. Security features
Legitimate online shops are protected by a secure web connection. When you arrive at the ‘Checkout’ process, at the very latest, you should be able to recognise a legitimate webshop by its security attributes, such as a green lock icon and use of https:// instead of http://. Both security attributes are visible in the address line of your browser.
2. Promises of discounts
Be suspicious of brand-name product offerings with unusually big discounts.
3. Internet address
Have an overall look at the provider: does its name, logo and web address seem credible? If you are unfamiliar with the shop, ask around to see whether other people have had a good experience with it. Fraudsters like to use web addresses of legitimate, albeit defunct, websites. This allows them to exploit the recognition factor and a better Google ranking.
Switzerland requires websites to include an imprint (Impressum). Websites that offer merchandise, works or services must disclose their identity with a name and contact address. The link to the imprint is usually found at the bottom of a website. Be suspicious if a link, such as in this example, is missing or if the information provided does not seem credible. If in doubt, check the website address with www.nic.ch; this website operated by SWITCH lists the contact address given by the holder of the domain name when it was registered. But beware: this address may be fictitious. Avoid a webshop if this information seems dubious to you.
5. Reporting form
Always report fraudulent and suspicious websites to the Federal Office of Police (fedpol) by completing the reporting form: https://www.fedpol.admin.ch/fedpol/en/home/kriminalitaet/cybercrime/meldeformular.html
Removal procedure – close cooperation with authorities
If a Swiss authority (e.g. fedpol, MELANI, Comlot, ESBK, SECO, Swissmedic) comes across a .ch website that is potentially in violation of the law in the course of its work, it attempts to contact the owner of the .ch domain name. This requires a contact address in Switzerland. If the domain name owner has registered an invalid address or an address outside the country in the SWITCH database, the authority contacts SWITCH. The foundation then gives the owner 30 days to provide a valid address in Switzerland. If the deadline passes without a response, SWITCH deletes the domain name and the fraudulent website is no longer accessible. This procedure is in line with the Federal Ordinance on Internet Domains (IDomsO).
Protecting Europe’s most secure address
The security experts at SWITCH have been very proactive in fighting cybercrime for several years now, particularly in the case of malware and phishing. As a result, .ch has become Europe’s most secure domain ending. Together with partners in the Swiss internet industry, SWITCH also started the Safer Internet initiative. SWITCH is also working closely with the Swiss authorities in the area of white-collar crime. The goal is always the same: to offer Swiss internet users maximum protection against threats.