Namecheap, you are hurting the internet!
The above chart is live and updated daily. As of today 9/24/17 thirty five point six percent of the domains reported to us since we began recording on 8/23/17 are sponsored by NameCheap INC. These domains are allowed to continue to scam consumers long after they are reported. An example of this is “ecojetexpress.us” which has been reported repeatedly by both petscams.com and victims who have lost money. When victims of this scam filed an abuse report NameCheap did not “take reasonable and prompt steps to investigate”. Instead they forwarded the abuse report with the victims information to the criminal.
As I write, 5 months later, ecojetexpress.us is still online scamming people.
A little bit of background?
Firstly we need to know what a website is. At its simplest, a website comprises of a domain name, Website.com, and the files that make up the content of the website. These files are kept on a server or “hosting”. The domain name, in this case Website.com, is linked to the hosting. When you go to www.Website.com you will arrive at the correct hosting.
You can think of it as your SIM card and your cell phone. The SIM card contains the number which links to the cell phone so that you can receive a phone call to that number.
If you lose your cellphone you can always use your SIM card with another phone and to the caller there is no noticeable change.
How scammers use this
Domain names are registered with a Domain Name Registrar. Scammers register a scam domain with a Domain Name Registrar and use a separate company to host the scam website. By looking at the WHOIS (registration details) of a domain you can find the email which you need to send an abuse report to shut down a scam website. Petscams.com never attempts to shut down the website hosting as the scammer can recreate the website on another hosting in minutes and continue to scam.
By doing this, the scammer can continue to scam people even if the website hosting is shutdown repeatedly.
AA419.org is an online group of volunteers who protect the consumer by finding Scam Websites and shutting them down by filing abuse reports. They actively work with registrars to shut down criminal domains.
How do Domain Name Registrars facilitate scammers?
Many Domain Name Registrars do an excellent job. The Endurance Group, Tucows, GoDaddy and Internet.bs can be counted amongst companies that protect consumers by taking swift action to investigate domains registered by criminals with the intention of scamming consumers. For the purpose of this article we are going to focus on another Domain Name Registrar who actively supports online criminals by providing them with a safe haven. Over one third of the websites reported on PetScams are sponsored by Namecheap INC.
I think it is worth repeating. Over ONE THIRD of the websites reported as pet scam websites are sponsored by one company. Petscams.com has had over 4,000 scam websites reported since April 2017.
Namecheap is governed by ICANN Registrar Accreditation Agreement 2013 which states that Namecheap must:
take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.
However, Namecheap sometimes takes months to respond to abuse reports with:
….Namecheap acts as the registrar only. It means that our ability to investigate the matter is limited since the content transmitted via the website is not located on our server. Please also note that we do not own the reported domain names, we are simply the company the domain name was registered with. Considering the aforementioned points, we recommend that you contact the hosting provider, who would be in a better position to validate your claims and take the appropriate action.
Additionally, if you believe you are a victim of an Internet crime, or if you are aware of an attempted crime, you can file a complaint through Internet Crime Complaint Center at https://complaint.ic3.gov , who are in the best position to fully investigate any such issue across any/all service providers.
This can be surmised as “We sponsor the domain but we refuse to look at the website. We are only concerned with the domain name. Tell someone else”
This is neither “prompt” or “appropriate” and if was true would negate the need for the obligatory abuse contact email as per ICANN.
As scammers have found a safe haven with Namecheap INC they will register multiple domains without fear of being shut down. Some domains can eventually be suspended after a prolonged campaign but the scammer will simply buy a new domain using the same account and continue scamming. Namecheap does not recognise that an account with 300 domains, 100 of which have been suspended, belongs to a scammer. Each domain required a concerted effort and multiple abuse reports in order to shut them down.
An example of one such scammer is firstname.lastname@example.org which has registered 92 domains to use in Pet Scams in less than a year. Some have been suspended while others have been allowed to continue including which was reported on April 20th 2017 here and is still allowed to scam consumers.