Friday, April 13, 2018

UPDATE: Phishing, a few weeks after

I wrote a small article (in French) on several procedures that I just tried at the ICANN and at a Registrar hosting a domain name used for phishing.


What we did
Basically, ICANN offers 2 emails to write to and we also used two different procedures at the Registrar concerned: the abuse email and a dedicated form.

The result is the one expected: the ICANN created a case and answered us the below but none of the other two parties we contacted even answered us.

Answer received from ICANN
Dear Jean Guillon,
Thank you for contacting the ICANN Global Support Center.
I will be happy to provide you with further information. Please note, the 2013 Registrar Accreditation Agreement (RAA) requires ICANN-accredited registrars to provide abuse contact information, take steps to investigate reports, and respond appropriately to any reports of abuse. The full abuse contact requirements can be found in Section 3.18 of the 2013 RAA at: https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#3.18 .
For more information about Registrar Abuse Reports and the type of reports, please see: https://www.icann.org/resources/pages/abuse-2014-01-29-en .
If you wish to submit a complaint to our Contractual Compliance about the registrar failing to comply with the requirements, please complete the form at:https://forms.icann.org/en/resources/compliance/complaints/registrars/standards-complaint-form .
Please allow 3-5 business days for our Contractual Compliance Team to respond to your complaint submission.
I hope this information is helpful to you. Please contact us if you have any additional questions or concerns. This case will now be resolved. Thank you for contacting ICANN.
The ICANN form (...)
I submitted a complaint to the Contractual Compliance Team (as suggested in the answer received by the ICANN) but at this stage, I thought that ICANN would already have acted since I already sent all informations: this form is probably going to be sent to the Register.it

26 of March 2018
  • ICANN ask the same informations + a copy of the abuse email that I sent to Register IT with my authorization to contact them (...);
  • They also write that I did not fill in their form correctly (...).
I resend them all this (...).

13 of April 2018(and after informing the ICANN (who answered it would inform the Registrar))
I received an email from Register.it and here what it says: "Dear Sir according to ICANN request, here below a summary of actions taken by our Abuse Team with reference to your request, please be informed that":
  • "on March 8, 2018 we have received your abuse report (copies of emails received are attached)": I never received confirmation of this.
  • "In the following 24 hours our dedicated Abuse Team has examined the issue and taken the necessary steps to solve it": I seriously doubt it but surprisingly, after complaining several times to the ICANN and after more than a month, Register.it returned with this answer.
  • "Each abuse report requests of course different actions, in this case they intervened removing the dangerous involved folders": do I understand that you removed a client's folder hosted with you? I checked the sub-domain and it is still in place and not pointing to an error.
  • "Customer has been then accordingly informed. Just for your further information in this case RNH and AH are the same entity": I have no idea what this means and I would have expected the domain to be a little more investigated because the whois still shows a "Domain Status:ok".
16 of April 2018
After more than one month exchanging with registrar and ICANN and for one single domain name hosting a phishing operation, ICANN considers that the abuse complaint is closed:
"Dear Jean Guillon,
Thank you for submitting an Abuse complaint concerning the registrar REGISTER.IT SPA. ICANN has reviewed and closed your complaint because:
 
- The registrar demonstrated that it took reasonable and prompt steps to investigate and respond appropriately to the report of abuse. 
ICANN considers this matter now closed.
Please do not reply to the email. If you require future assistance, please email compliance@icann.org; if you have a new complaint, please submit it at http://www.icann.org/resources/compliance/complaints .
 
ICANN is requesting your feedback on this closed complaint. Please complete this optional survey at https://www.surveymonkey.com/s/8F2Z6DP?ticket=changed .
Sincerely,
 
ICANN Contractual Compliance
Let's be honest: WHO GOES AS FAR AS THIS WHEN RECEIVING A PHISHING EMAIL AND WHO UNDERSTANDS SUCH ANSWERS?

Score
Phishers / Gmail filter = 1
Icann / Register.it = 0

Useless procedures
This way to proceed against phishing for end users is an absolute nonsense: the ICANN procedures and rules for such common problems are useless.

Read my article in French.

No comments:

.BRAND new gTLD Reports are updated once a month: CLICK HERE !