Online fraudsters are creating fake versions of South African government email addresses and websites to trick consumers into divulging sensitive information such as user names, passwords or financial data in order to perpetuate tender-related scams.
That’s the word from ZA Central Registry NPC CEO Lucky Masilela, who says abuse within cyberspace has historically focused on the issue of cybersquatting. The latter refers to the registration of well-known company or brand names as Internet domain names with the intent to resell them at a profit.
Now, however, new forms of domain name abuse unrelated to commercial rights have started to become apparent, Masilela says. “Among these is what is known as phishing where a domain name resembling, for example, a government department is registered with the possibility of conducting fraudulent activities.”
The ZACR is a non-profit company that administers, amongst others, the .ZA Second Level domain name space with over 1,1-million domain names currently registered.
Although the ZACR does not regulate website content of .ZA-registered domain names, it believes that these domain names under its administration can be used in creating these websites.
As a good corporate citizen, ZACR feels duty bound to provide advice related to the safe navigation of the worldwide web. “Domain names are essentially the route markers in cyberspace and we are concerned about the increase in abusive registrations designed to lure unsuspecting consumers down the wrong path,” says Masilela.
This new phishing tactic, where fraudsters make contact with members of the public, usually via email in an attempt to direct them to fake versions of government websites, has been extensively reported in the media of late.
“Members of the public should always double check the address of the website they are navigating to ensure they are interacting with a legitimate South African government website with a valid domain name ending with GOV.ZA,” Masilela explains.
To reiterate, legitimate South African government websites will always end in gov.za, and not in co.za, or any other domain name extension. There are strict eligibility criteria that must be met before a moderated domain such as gov.za may be registered, which is not the case with domains like co.za, which are largely registered on a first-come, first served basis.
An example of an illegitimate site would be housing-gov.co.za.
As a rule, there is no human interaction when a domain name is created in an unmoderated namespace like co.za. “Names are created within milliseconds and this virtually instantaneous way of registering new CO.ZA domains has been key to the continuing success of the flourishing local web and all the benefits that it brings,” Masilela explains.
It should be noted, however, that while CO.ZA domain name registration is a relatively fast, simple and straightforward process, there are rights protection mechanisms in place to assist companies and individuals to challenge abusive domain name registrations that infringe on trademark rights and/or constitute passing off.
Passing off, in the domain name sense, is where a domain will closely resemble an authentic domain name in order to pass off the former as the actual and reputable brand owners.
“ZACR believes individuals and organisations should be vigorous in protecting their intellectual property rights in cyberspace in an effort to combat this unlawful and undesirable practice and will endeavor to render every assistance within the scope of its Registry Policy Framework in this regard,” Masilela says.
He points to Section 77 of the ECT Act No. 25 of 2002 which could prove useful in cases where a fraudulent website is being hosted with a local Internet Service Provider (ISP) that is also an ISPA (Internet Service Providers’ Association of SA) member. Essentially, section 77 entitles anyone with a basis for an unlawful activity claim to lodge a ‘Take-Down Notice’ to an industry recognized Representative Body, such as ISPA, which has the power to request its member/s to remove the alleged unlawful content.
According to ISPA, the leading category of notice is copyright and trademark infringement, followed by fraud, malware and phishing.
“The key to success will always be a vigilant and alert public. The abuse of domain names can largely be prevented if the public exercises the same degree of caution in the virtual world as they do in the real world,” Masilela adds.
