The Dutch ccTLD registry has taken down 4,340 fake webshops with .nl domain names in 2019, SIDN announced Monday. A large proportion of the fraudulent sites were detected using new self-teaching tools developed by SIDN Labs.
These tools work by continuously scanning .nl websites for characteristics associated with fraud as SIDN looks to get scams stopped as early as possible. The time that the domain name was registered and the email address used for registration are two of the features looked at by the tools. As more and more data is gathered, the profiling characteristics used to identify suspect sites are constantly refined: the toolset effectively teaches itself how to recognise fakes.
The news from SIDN comes after EURid announced earlier this month their Project APEWS – Advanced Prevention and Early Warning System – had correctly detected over 60,000 malicious .eu domain name registrations since January 2018, including just over 2,000 since its official launch in December 2019.
Working in tandem with the .nl registrars and other partners, SIDN got 4,340 fake webshops taken down in 2019. A large proportion of the fraudulent sites were detected using new self-teaching tools developed by SIDN Labs. By continuously scanning .nl websites for characteristics associated with fraud, SIDN looks to get scams stopped as early as possible. The time that the domain name was registered and the e-mail address used for registration are two of the features looked at by the tools. As more and more data is gathered, the profiling characteristics used to identify suspect sites are constantly refined: the toolset effectively teaches itself how to recognise fakes.
Prior to intervention, every webshop flagged up as suspicious is analysed by personnel in SIDN’s Support Department so that bona fide webshops aren’t shut down. Of the .nl websites examined between September and December, 79.3 per cent were confirmed as fakes. The self-teaching capability of the algorithm means that new strategies adopted by fraudsters are picked up and addressed sooner.
The problem with fake webshops as SIDN explains is they are a serious headache for internet users; they swindle consumers out of large sums and undermine trust in the internet. SIDN Labs — the research team of the Dutch national domain registry — therefore invests considerable energy in tackling the problem. From years of experience, the team is acutely aware that the scammers are adapting all the time. “A while back, for example, fake webshops typically used long page titles that included multiple luxury brand names,” said Thymen Wabeke, Research Engineer at SIDN Labs. “However, as soon as the crooks realised that long titles were one of the things our detection tool was looking for, they stopped using them.”
In pursuit of a constantly moving target, SIDN Labs is always improving its detection tools. Roughly nine website characteristics are currently analysed, most relating to the domain name registration process and the infrastructure used. They include the e-mail address linked to the registration, the time of registration and whether the domain name has a previous owner. “The timing is significant because a high proportion of fake webshops are registered during Chinese office hours,” says Wabeke. “The re-registration of used domain names is another popular tactic with scammers. If a domain name is dropped by its user, it can be re-registered by someone else after forty days. And more than half of suspect domains turn out to have been re-registered as soon as the forty days were up.”
A rigorous procedure is followed when dealing with suspect sites. If analysis by Customer Support confirms the tool’s conclusions, the registrar used to register the domain name is alerted and asked to take down the site. In cases where a suspect site is linked to a domain name whose registrant details can’t be confirmed within five days, SIDN is allowed to de-link the name server. That prevents anyone reaching the site by using that domain name.
SIDN Labs has produced an academic article detailing how fake webshops operate and the efforts to tackle them. The article was recently accepted for publication at the prestigious Passive and Active Measurement Conference 2020.