Paedophiles "exploiting lax Web rules"
By Bernhard Warner
Date: October 07, 2003
LONDON (Reuters) - Fraudsters and paedophiles are using lax Web site registration policies to commit an increasingly elaborate web of cyber crime, the country's top cyber cop says.
In an interview with Reuters, Detective Chief Superintendent Len Hynds, head of the UK's National Hi-Tech Crime Unit (NHTCU), called on the legion of domain name resellers to stop the "no-questions-asked" practice of selling Web site names.
"We need to have more confidence around domain name selling," said Hynds in a rare interview. "How can it be that you can buy a domain name that is so similar to your high street bank? It just doesn't seem right to me." An increasingly popular scam hitting financial institutions and retailers is known as "Web site spoofing" in which a fraudster acquires a Web site name that closely resembles a bank or business's Web site.
Under one such scam, the fraudster sends e-mail messages en masse to random Internet users telling them to visit an authentic looking Web site where they are required to input their banking or credit card details. In order to work, the scam requires a lot of luck and even more gullibility on the user's part. It takes just one e-mail respondent to follow the trail to net the fraudster a tidy gain.
In the past month, UK retail banking giants Barclays Plc and Lloyds TSB have fallen victim to a Web site spoofing scam. The banks quickly issued statements to customers alerting them to the scam. In the Lloyds case, police took the site offline, the bank told Reuters on Friday. Hynds said paedophilia rings are also setting up shop online registering Web site domains that carry telltale names of the trade such as "Lolita" or "underagesex".
"That's even more difficult to defend. But people I've been speaking to say there is no human interface with that process," Hynds said. He added he has met with UK-based domain name registrants, to little or no avail.
Domains are sold by companies ranging from small Internet service providers to major corporations such as Yahoo Inc. and Verisign. The discussions have failed to ignite any policy changes, mainly because domain name sellers have established an automated process to handle the brisk business.
^macro[showdigestcomments;^uri;Paedophiles "exploiting lax Web rules"]