News

    .uk and .nl introduce landing pages for domain names linked to cybercrime

    02.06.2021

    - David Goldstein -

    Two of the largest ccTLDs, the Netherlands’ .nl and the United Kingdom’s .uk, have taken steps to make their country codes a bit safer, and ward off scammers and cybercriminals, by introducing landing pages for domain names used for cybercrime. These landing pages are intended to educate internet users as to why they were taken to the page. The .uk and .nl ccTLDs are the sixth and eighth largest top-level domains in the world with 11.0 million and 6.2 million domain names respectively.

    Nominet expands its pilot project

    For .uk, Nominet, which manages the country code top-level domain (ccTLD), is redirecting internet users who attempt to go to a website using a domain name suspended due to criminal activity to law enforcement landing pages. The first of these landing pages was introduced in a pilot in November 2020, when Nominet became the first domain name registry in the world to implement them. Instead of simply leaving the suspended page to show an error message, with no explanation as to why it won’t resolve, real-time advice was shared, along with information for people who may have been a victim.

    The first landing page was developed in conjunction with the City of London Police IP Crime Unit (PIPCU), with their specified content being shared on domain names suspended on their instruction. This was later expanded to include domain names reported by the Medicines and Healthcare products Regulatory Agency (MHRA), the Financial Conduct Authority (FCA) and the National Crime Agency (NCA). These three agencies in particular were critical due to the ongoing COVID-19 pandemic. As a result of the pandemic there has been a sharp rise in both medicine and financial fraud online due to the toxic combination of a fast-changing health situation and an increased amount of time spent online by internet users, not to mention an environment of sustained anxiety and economic uncertainty.

    Nominet’s first law enforcement agencies advised that financial difficulties often result in more scams being launched. The MHRA reported one in ten people bought fake medicines online in 2020, while the FCA reported they saw an increase of around 50% in reports about criminal activity during 2020 compared to the previous year. This resulted in 232 requests for the suspension of .uk domain names being made to Nominet by the FCA. Users of the FCA’s informative Scamsmart page regularly say they could have invested over £10,000 with an unauthorised person if they hadn’t been given advice on what to watch out for.

    Suspending the domain name is a key part of disrupting crime, but the other side of the coin is educating people on how to stay safe. This has become ever more important as cyber criminals are able to deliver increasingly sophisticated fraudulent sites that look remarkably authentic.

    In the near future Nominet plans to launch landing pages for all 13 of the Law Enforcement Agencies (LEAs) Nominet currently works with, providing all with another means of accessing their ‘audience’ and protecting the vulnerable.

    SIDN takes a different approach

    While the Dutch ccTLD manager SIDN hasn’t been working with as many law enforcement agencies, it has taken a similar approach, delinking the name servers of .nl domain names reported to the Police National Internet Fraud Desk. At the Fraud Desk's request, SIDN approaches the domain's registrant with a view to verifying the registration data. If the data can't be verified, SIDN is now switching the registered name servers so that the domain name points to the special landing page. Any unsuspecting internet user who lands on the page then sees an explanation of why they aren't on the website they were expecting. Shortly after a domain's name servers are delinked, it becomes impossible to reach the domain using its domain name.

    "The idea of setting up a landing page to tell internet users why a website can't be reached is a product of our close ties with the Police National Internet Fraud Desk," explained Chiel van Spaandonk, Abuse Desk Specialist at SIDN. "Every year, we block access to thousands of malicious websites, often after being alerted by the police. The reason for blocking them is, of course, to protect internet users and prevent them falling victim to internet crime. Until now, though, a user who tries to visit one of these sites has been left in the dark about why they can't see it. So the new landing page has been set up to explain what's happened and tell them where they can go to get more information from the police and SIDN. We aren't alone in doing this. Various other registries, including Nominet, the registry for .uk, have similar policies."

    Gijs van der Linden, Team Leader at the Police National Internet Fraud Desk, fills in the background. "Fake webshops and other forms of internet crime are multiplying at an alarming rate," he says. "The police, the Public Prosecutor's Office and various market players are therefore working together to address the problem. SIDN is one of the organisations we work with. The Police National Internet Fraud Desk has been set up so that internet users can report fraudulent activities. If the subsequent investigation points to crime, it's important to act quickly, so as to minimise the number of victims. Disabling the domain name is one way of doing that. But it previously had the drawback that an unsuspecting internet user who has, say, clicked on a link expecting to see a site selling cut-price sneakers simply got an error message. There was nothing to tell them that they almost fell for a scam. The new landing page will help the fight against internet crime by educating users."

    "We are constantly working to tackle internet crime," adds Chiel van Spaandonk. "While the new landing page doesn't contribute to security directly, we're expecting it to promote awareness by letting people see that not all webshops can be trusted. If something seems too good to be true, it probably is. In due course, we may start using pages like this more widely. In situations where we have intervened at the request of other organisations, for example. Or where we've disabled a domain name on our own initiative after detecting phishing activity. It's all part of our ongoing commitment to making the internet more secure."
