CIRA investigating dot-ca phishing scammers

The Canadian Internet Registration Authority (CIRA) is working with police to investigate a phishing scam that targeted dot-ca domain owners, according to its CEO Byron Holland.

The PayPal page set up by the scammers to collect payments from unsuspecting Web site owners has also been taken down, Holland says. Last week, CIRA posted a warning that a site called Renewdomain.ca was sending out fake e-mail renewal notices to dot-ca registrants. Those who clicked through on the link were encouraged to pay up to renew their Web domain – but the site was a fraud, taking payment for no real service. CIRA worked with the registrar used to operate Renewdomain.ca to take the site down last week. It’s not sure who is behind the scam, but is investigating the matter with police.

“We take it very seriously,” Holland tells ITBusiness.ca in a phone interview. “Having a secure domain space is critical to what we do. It’s woven into our DNA and our mandate.” These sorts of scams don’t happen often, he adds. “Is it possible for someone to try and operate a scan in the dot-ca space? Yes it is.”

When CIRA does become aware of scams, it immediately responds and involves the police. In this case, Renewdomain.ca was not a CIRA certified registrar and merely posing as one in hopes of collecting payment from Web site owners not paying close attention, or who perhaps don’t remember who their original registrar is in the first place.

But it’s not the first time CIRA has seen the lack of awareness dot-ca holders have of their registrars seized upon by opportunists. CIRA revoked the licence of Markham-based Brandon Gray Internet Services Inc. on Jan. 28, 2011 so it could no longer sell dot-ca addresses. The root of the problem lay in the activities of the one of Brandon Gray’s resellers, the Domain Registry of Canada (DROC). CIRA accused, in court, DROC of sending misleading solicitations to domain owners. But DROC is still selling dot-ca domains today, now a reseller of eNom Inc.

That’s the registrar that is responsible to CIRA, Holland says. “We hold them fully accountable,” he says. “So if there are any bad actors, or dot-cas are sold improperly, then they will be held to account.” It’s also up to Web site registrants to be aware of possible scams and to educate themselves about how to avoid these scenarios, Holland adds. CIRA’s Web site offers a knowledge centre with a cyber security consumer tip sheet and other resources. Holland’s own advice on avoiding scams online? If you receive an unsolicited e-mail asking for money, think twice. Don’t click on links in the e-mail, but go to the site in question independently and check on the status of your account.

 

Would you recommend this article?

0
0

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Brian Jackson
Brian Jacksonhttp://www.itbusiness.ca/
Former editorial director of IT World Canada. Current research director at Info-Tech

Related Tech News