Does a sophisticated scam that includes using a domain name count as DNS abuse?
Yesterday, I wrote about how data suggest DNS abuse has decreased over the past few years.
A key question about all DNS abuse data is how you define it. What exactly is DNS abuse?
I discussed this topic with Graeme Bunton, Director of the DNS Abuse Institute, on a podcast last year.
Reasonable people can disagree on what constitutes DNS abuse. Domains used for spam, phishing, and malware are usually included in the definition. But what about a sophisticated scam that involves using a domain that might trick people but is part of a much bigger scheme?
Last week, Future Test Inc filed a lawsuit (pdf) against the perpetrators of a sophisticated fraud.
Future Test uses the domain name FutureTest.com. The fraudsters registered FutureTestIncAZ .com to impersonate Future Test. They posted job listings on popular job boards and then interviewed candidates online.
Once they offered a fake job to the candidate, they told the candidate they needed two forms of ID to verify them for employment. They also needed banking information for direct deposit. And, in some cases, they needed a credit card.
You can imagine the damage someone can do when they have a copy of someone’s passport, driver’s license, and bank numbers.
In addition to ID and banking theft, they duped some of the people into incurring expenses on the belief they’d be reimbursed.
It’s a sophisticated scam made possible by the ease…
