Week 42: Scams involving abandoned or forgotten domains

22.10.2024 - Domain owners who forget to renew their domains on time, or who give their domains up voluntarily, may be in for a nasty surprise. We are aware of several scams where cybercriminals have taken advantage of domain owners’ lapses in attention.

Your own domain

Domain names are divided into a number of hierarchical levels. The highest level (called the top level domain) is on the far right. It usually indicates the country where the domain is registered. The next level down (called the second level domain) is directly to the left of it, separated by a period. This is a unique name that you choose – usually the name of your company. For example, if your website is called 'examplecompany.ch', the '.ch' part is the top level domain and 'examplecompany' the second level domain. Additional subdomains are optional; you can add them to the left of the second level domain.

Registering your own domain is an easy and inexpensive process. However, there are a few things to remember when it comes to managing it – don’t forget to renew your registration, for example. Registrations are usually only valid for one year.

What if you don’t renew your domain?

If, for whatever reason, you do not renew your domain registration, you are given a certain amount of time to re-register (in the case of a .ch domain, this grace period is 40 days). After that, your domain name becomes available to anyone who wants to buy it.

Scammers like to take advantage of this. A now abandoned domain may have built up a trustworthy reputation and have a good search engine ranking as a result. If a scammer snatches up such a domain, they can either use it to host their own content, or redirect visitors to another website (for more on how this works, see our weekly review 13/2023). For the original owner, a takeover can also cause reputational damage if their old domain is now filled with, or redirects to, fraudulent or pornographic content.

Clean up your old aliases

Last week we received a report of a scam that we will use as an example (note: the domain names used here are fake and have been changed for privacy reasons).

For some time, a canton offered an application under the subdomain ‘application.cantonXY.ch’. This domain was not associated with an IP address, but functioned as a kind of ‘alias’ (in technical terms, a ‘CNAME’) that redirected users to another domain owned by the canton, called ‘cantonXY-application.ch’. That meant that whenever a user accessed ‘application.cantonXY.ch’, they were automatically redirected to the ‘cantonXY-application.ch’ domain – which, in turn, was linked to its own IP address:

application.cantonXY.ch  --> cantonXY-application.ch  --> IP address of canton XY

Eventually, the canton stopped offering the application and gave up the corresponding domain name, ‘cantonXY-application.ch’. When they did, they forgot to delete the old alias, ‘application.cantonXY.ch’.

Scammers noticed this. They purchased the ‘cantonXY-application.ch’ domain and linked it to a scam page that offers fraudulent games. Because the alias was still intact, they were also able to benefit from existing links that used the official ‘application.cantonXY.ch’ domain name, and from the canton’s trustworthy reputation. Any user accessing ‘application.cantonXY.ch’ was automatically redirected to the scammers’ website:

application.cantonXY.ch   --> cantonXY-application.ch (now owned by the scammers)  --> IP address of the scammers

Recommendations

  • Most domain name registrars give you the option of being notified before your domain registration expires. We recommend that you use this feature and that you register with an email address that you will still be using in a few years’ time.
  • If you are no longer using a domain name that you have registered, you need to weigh up the (low) cost of maintaining it against the possible consequences of a third party taking over the domain.
  • To avoid unpleasant surprises, maintain your subdomains, keep your DNS (Domain Name System) information up to date and delete old entries that are no longer in use.
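
The audit below is an added example, not code from the NCSC: it lists every CNAME in a zone-file excerpt and flags aliases whose target lies outside the domains you still hold, which is the state 'application.cantonXY.ch' was left in. It assumes one record per line with an explicit owner name; the sample zone, the 'cantonXY-services.ch' name and the function names are constructed for illustration, and the default lookup can be swapped for a stub to run offline.

```python
import socket

# Constructed sample zone excerpt, modelled on the article's (fake) names.
SAMPLE_ZONE = """\
; zone cantonXY.ch
www          3600 IN A     192.0.2.10
application  3600 IN CNAME cantonXY-application.ch.
portal       3600 IN CNAME www
forms        IN CNAME forms.cantonXY-services.ch.  ; retired service
"""

def normalize(name, origin):
    """Return a lower-case fully qualified name without the trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"

def parse_cnames(zone_text, origin):
    """Extract (alias, target) pairs from CNAME lines of a zone-file excerpt."""
    origin = origin.lower().rstrip(".")
    pairs = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop trailing comments
        upper = [f.upper() for f in fields]
        if "CNAME" in upper and 0 < upper.index("CNAME") < len(fields) - 1:
            i = upper.index("CNAME")
            pairs.append((normalize(fields[0], origin), normalize(fields[i + 1], origin)))
    return pairs

def dns_resolves(name):
    """Default lookup: True if the name currently resolves to an address."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def audit_cnames(zone_text, origin, owned_domains, resolves=dns_resolves):
    """Classify each alias by who controls the domain its CNAME points to."""
    owned = [d.lower().rstrip(".") for d in owned_domains]
    report = {}
    for alias, target in parse_cnames(zone_text, origin):
        if any(target == d or target.endswith("." + d) for d in owned):
            report[alias] = "ok"                       # target is still ours
        elif resolves(target):
            report[alias] = "target not in inventory"  # someone else may hold it
        else:
            report[alias] = "dangling"                 # target does not resolve
    return report
```

An alias reported as "target not in inventory" or "dangling" is a candidate for deletion unless the target belongs to a provider you deliberately use.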

Last modification 22.10.2024

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2024/wochenrueckblick_42.html