Responsible for running and keeping the .UK internet infrastructure secure, Nominet has published its update on .UK domains suspended for criminal activity over the 12 months to October 2020.
Nominet suspends domains following notification from the police or other law enforcement agencies that the domain is being used for criminal activity. It also puts on hold domains at registration where criminal activity such as phishing is suspected by Nominet’s systems.
- Following a similar trend to last year, the criminality report shows that the number of .UK domains suspended following requests by law enforcement agencies between 1 November 2019 and 31 October 2020 was 22,158 – this represents around 0.22% of the 10 million .UK domains currently registered. The number is down from 28,937 in the previous report.
- Nominet now collaborates with 13 reporting organisations (up from ten in the previous year) and received requests from eight of these (five the previous year). The Police Intellectual Property Crime Unit (PIPCU), which processes and co-ordinates requests relating to IP infringements from nationwide sources, is the main reporting agency with 21,632 requests (down from 28,606), followed by the National Fraud Intelligence Bureau 266 (up from 178), the Financial Conduct Authority at 232 requests (up from 48) the Medicines and Healthcare Products Regulatory Agency at 13 (down from 31) and Trading Standards at 7 (down from 90).
- The number of requests that didn’t result in a suspension was 47 – up from 16 in the previous year. Reasons for requests not resulting in suspension include the domain already being suspended due to a parallel process, the domain already being transferred on a court order, or the registrant modifying the website to become compliant following notification.
- The number of suspensions that were reversed was 15 (up from five). A suspension is reversed if the offending behaviour has stopped and the enforcing agency has since confirmed that the suspension can be lifted. We have seen similar fluctuations year on year since 2014.
- The report also provides an update on domains flagged under Nominet’s proscribed terms policy, introduced in May 2014. Over 1,060 newly registered domains were identified as potential breaches, but no suspensions were made, indicating a high number of false positives. Over the same period there were no suspension requests from the Internet Watch Foundation on Child Sexual Abuse Images (CSAM) on .UK domains.
- For the same period, Domain Watch – Nominet’s anti-phishing initiative that suspends suspicious domains at the point of registration – saw 5,006 domains suspended, almost double the number of suspensions year on year (2,668). When identified as high risk of phishing, domains will not be usable until extra diligence is conducted to satisfy us the registration does not pose a phishing risk. If a domain is suspended, the registrant will receive an email informing them what has happened, together with the next steps required if they feel the suspension was not correctly applied. Of these, 558 (up from 274) successfully passed our additional due diligence and completed the registration process.
- In response to the pandemic, Nominet has stepped up checks on new domain registrations to mitigate against fraudulent activity related to Covid-19. To 28 October 2020, Nominet had placed 3,811 domains related to Covid-19 on hold at the point of registration pending further registrant checks. 1,568 of these domains have now passed due diligence and are now registered in the namespace. Eight domains suspended for criminal activity were related to Covid-19.
Russell Haworth, Nominet’s CEO said: “New anxieties are a bounty for cyber criminals who look to take advantage of others online for their own gains, not least by exploiting the pandemic. This year, we proactively sought to weed out coronavirus-related domains registered for criminal intent and had put on hold almost 4,000 by the end of October. With less than half passing the due diligence we require to reinstate them, it’s clearly helping keep scams at bay.
“This work complements our ongoing collaboration with law enforcement. The overall drop in suspensions they requested is driven by fewer PIPCU referrals, which suggests that their work to stop counterfeit goods reaching .UK domains is having an effect. Criminal groups are also starting to realise .UK domains used for scams will be suspended promptly. While that’s good news, we remain focused on playing our part to take swift action when alerted to any criminality in the namespace.”
Detective Inspector Joanne Ferguson, of the City of London Police’s Cyber Prevention & Disruption Team of the National Fraud Intelligence Bureau said: “Our main goal is to make the UK a hostile environment for fraud, and working together with Nominet is one of the key ways we can achieve this. Our partnership allows us to disrupt criminals by identifying domains being used in fraud and taking action to stop further people falling victim. It also allows us to prevent fraud from happening in the first place by predicting opportunities for criminals and working with Nominet to suspend domains before they are even used. A recent example of this is the work we did with Nominet around coronavirus-related fraud where we blocked the registration of unofficial domains linked to COVID-19. Protecting the public is our number one priority and we would like to thank Nominet for their continued support in helping us do this.”
Mark Steward, Executive Director of Enforcement and Market Oversight at the Financial Conduct Authority, said: “Seeking suspension of domains is a key tactic we use to disrupt scammers and fraudsters and Nominet has a significant part to play in helping us achieve this. Working with Nominet, we’ve suspended 232 .UK domains this year, a sharp increase from 48 last year, and that shows the FCA’s determination to clampdown on online harm. It is also an indication of the proliferation of online scams we continue to see every day. Consumers can find more information on how to avoid being scammed on our ScamSmart website.”
Eleanor Bradley, MD of Registry and Public Benefit at Nominet comments: “While we’ve seen a decline in PIPCU requests for suspensions, there have been some increases year on year for other key LEAs that we work with to keep the UK domain safe and secure for the millions of individuals and businesses that use it every day. Increases in suspensions from the FCA and NFIB show that we cannot sit on our hands as the fight to keep up with the criminals is ongoing and ever evolving.
“Working closely with our partners is essential, and this year, Ofcom and the Environment Agency have also requested suspensions. We’re proud to play a part in helping them protecting our airwaves and natural environment by addressing criminal activity online.”