In our continuing review of Rogue Registrars we have stumbled upon on a very elaborate fake banking site for "Swiss Bank" or "Bank of Switzerland" (bankofswissltd[DOT]com). To the casual Internet consumer this site probably appears legitimate, but a number of clues tip off the fraud. Phishing sites are everywhere so this does not immediately raise eyebrows until you review the Thick WHOIS record for bankofswissltd[DOT]com. According to the WHOIS this domain is sponsored by the "Registrar: Jolis Intercom”. The problem is that Jolis Intercom does not appear in the ICANN or InterNIC directory. Jolis Intercom is not an accredited gTLD Registrar. So what is going on? Jolis Intercom is a reseller for the Registrar Internet.BS, a Registrar coming under increasing scrutiny. We also found a fake Bank of Thailand on the same server.
In previous postings we have seen that Internet.BS exists completely in the shadows and now it is found they have their own domain reseller elevating themselves to the status of a Registrar by manipulating WHOIS records for the domains they control. This manipulation adds an additional layer of obfuscation and misdirection. A consumer or investigator attempting to validate whether or not this bank is real will be further confounded by the lack of a reliable Registrar contact to handle the situation. There is absolutely no reason why a reseller should be able to manipulate WHOIS in this way, it is unacceptable.
Resellers are companies which operate under a Registrar's accreditation and are solely accountable to that Registrar. While KnujOn has expended considerable effort making Registrars more transparent and accountable, resellers are a far more insidious and unknown group of players in the Internet architecture. Resellers, in effect, act as Registrars and have the same access but none of the disclosure requirements intended to protect consumers. ICANN has no knowledge of who the resellers are or how many are in existence. More accountability of the domain resellers is part of the proposed changes to the RAA which are stalled in negotiations.
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines
Neustar DDoS Protection
Neustar DNS Services