: Fake domain and hosted email addresses issue? Many email addresses for domain rustamtowel.com have been compromised. My client forwarded me an old email which he sent me few days ago but I haven't
Many email addresses for domain rustamtowel.com have been compromised.
My client forwarded me an old email which he sent me few days ago but I haven't received that email. That email was sent to cs@rustamt0wel.com instead of cs@rustamtowel.com (0 zero instead of O). Then I came to know that another domain has been register just like my domain name. Someone also quote my client with wrong prices from wrong email address ceo@rustamt0wel.com.
How can I check that who is involved and be safe for future. Who can be responsible?
My domain registration guy
My web hosting company
Someone from my own office
More posts by @Merenda212
2 Comments
Sorted by latest first Latest Oldest Best
The company whose infrastructure is being used to host the website can be identified with a DNS Lookup which in this case reveals three A records:
54.246.86.121 (ec2-54-246-86-121.eu-west-1.compute.amazonaws.com)
46.137.164.212 (ec2-46-137-164-212.eu-west-1.compute.amazonaws.com)
54.247.110.132 (ec2-54-247-110-132.eu-west-1.compute.amazonaws.com)
Now that we have identified Amazon Web Services as the hosting company the following actions could be taken:
DMCA Take-down Notice: If the abusive domain is hosting a duplicate version of your website, where clearly it can be seen that your copyright has been infringed, and your original site has content marked clearly as being copyright, then you could submit a DMCA take-down notice letter to their hosting company requiring them to take action to remove infringing content. I have personally also seen take-down notices issued for trademark breaches so if you have a trademark in the name rustamtowel then you could also specify that the domain is an abusive registration and require them to suspend hosting for it. Normally this would be acted on quickly by the hosting company (i.e within 24 hours). According to a WebProNews.com article regarding DMCA submissions against the Pinterest website hosted on AWS these should be best sent to copyright@amazon.com.
Submit an abuse complaint to the hosting company, by filling in their AWS EC2 abuse contact form, stating the domain is an abusive registration, and if they have duplicated content from your website state that it is also infringing copyright, and if you have a trademark in the name, also state that the domain name breaches international trademark law.
Open a dispute case with ICANN under the terms of their Domain Name Universal Dispute Resolution Policy (UDRP) claiming that the name rustamt0wel.com in dispute is identical or similar to a name or mark in which the organisation you represent has rights, and that the domain name is an abusive registration. If you have a trading history (goodwill/reputation) spanning a number of years which can be evidenced with an official company registration, invoices showing budget spent on advertising and exhibiting the name, and/or trademarks in the name, then this should be straightforward to open a dispute. You could argue that the domain in the hands of the respondent is abusive because it was:
(a) primarily registered to unfairly disrupt your business because, explaining how the registration disrupted your business, how the Respondent is to blame, and provide evidence to prove everything;
(b) used by the Respondent in a way which already has confused people into thinking that it was controlled by me, specifically explaining what has been done, how you know that people have already been confused, and provide evidence to prove what you say;
(c) registered with incorrect name and address details, which is independently proved by [what? Explain what is wrong with the name/address, and how it has been independently verified that this is the case and provide evidence for everything you say]. I think it would be very unlikely that an established international business would participate knowingly in registering and operating abusive domain names, so it is therefore very likely that VistaPrint are essentially the victim of identity theft whereby their company details have been entered into the registrant details of the domain registration simply so that the real registrant can mask their identity and avoid having to pay for a WHOIS privacy service which would ultimately reveal their details to the police if issued a warrant/soepena.
Report Phishing Website to search engines and security solution providers using their web-based forms so that people might be informed the website has malicious intentions since it could be argued that abusive registration websites such as this are very unlikely to fulfill orders to customers after taking their money and therefore you could also call them phishing websites. To get you started here's a few of the most important ones to use:
(a) Google: Report a Phishing Page;
(b) Symantec: Report Suspected Phishing Sites;
(c) OpenDNS: PhishTank Website (registration required);
(d) Microsoft: How to report a Phishing Website (Internet Explorer must be used for this).
Initiate legal proceedings against VistaPrint (the domain name owner/registrant) through an Intellectual Property Rights (IPR) solicitor/attourney/lawyer that specialises in websites and Internet cases. Initially this simply involves your solicitor writing them a formal letter which threatens court action unless they take actions such as ceasing to operate a website from the domain name and transferring the domain name to you or your company. This can be effective and relatively inexpensive compared to the impact on your business of doing nothing to address it, though proceeding to court could prove very expensive by comparison if this letter is not responded to amicably, so you may wish to consider these options a last resort. In this particular case where I think VistaPrint are likely to not be responsible, other than to provide some further evidence for an ICANN dispute this option may be prove to be a waste of time in this case.
With regards to finding out who is behind it, unfortunately when dishonest people are involved in malicious activity like this they cover their tracks well and you will therefore never likely find out who is behind it. Your webserver logs might reveal an IP address from when your website was initially copied (if it was copied) and that might reveal further clues as to their ISP, however to identify the user behind the ISP normally you would have to report this as a crime to the Police and they could then investigate and obtain records from the ISP.
From experience, the Police don't tend to assign much resource to cases like this since the impact/damages is fairly insignificant and they would be unlikely to catch or prosecute the person(s) responsible. If you could show a number of your customers had been defrauded of relatively large sums of money this would make a big difference for a criminal investigation. If they simply confuse your customers, or take your business by quoting and supplying your customers then you might be better pursuing this via your local authority Trading Standards office if in the UK, or equivalent if not in the UK.
Okay.
whois.domaintools.com/rustamt0wel.com is going to tell you as much as you can get on your own.
However, it sounds like it is time for an attorney. Preferably one who specializes in Internet issues. If your customer engages an attorney, the attorney can contact the legal department of VistaPrint and Tucows and get a real name. From there a cease and desist order can be had which may not be necessary. It is likely that VistaPrint and Tucows will immediately take down the site and provide you with contact information.
Then a lawsuit against the individual if and only if you can demonstrate damages.
This can happen very quickly with no-one ever knowing.
Otherwise, I am not sure how you would know.
Good Luck!
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.