NameCheap is hurting the internet!

May 3, 2020
4278 Views
9 Comments

wpDataChart with provided ID not found!

Namecheap, you are hurting the internet!

The above chart is live and updated daily. As of today around 38% of the domains reported to us since we began recording on 8/23/17 are sponsored by NameCheap INC. These domains are allowed to continue to scam consumers long after they are reported. An example of this is “ecojetexpress.us” which has been reported repeatedly by both petscams.com and victims who have lost money. When victims of this scam filed an abuse report NameCheap did not “take reasonable and prompt steps to investigate”. Instead they forwarded the abuse report with the victims information to the criminal.
5 months later, ecojetexpress.us was still online scamming new victims.

A little bit of background?

Firstly we need to know what a website is. At its simplest, a website comprises of a domain name, Website.com, and the files that make up the content of the website. These files are kept on a server or “hosting”. The domain name, in this case Website.com, is linked to the hosting. When you go to www.Website.com you will arrive at the correct hosting.

domain-to-server

You can think of it as your SIM card and your cell phone. The SIM card contains the number which links to the cell phone so that you can receive a phone call to that number.

sim-to-cellphone

If you lose your cellphone you can always use your SIM card with another phone and to the caller there is no noticeable change.

How scammers use this

Domain names are registered with a Domain Name Registrar. Scammers register a scam domain with a Domain Name Registrar and use a separate company to host the scam website. By looking at the WHOIS (registration details) of a domain you can find the email which you need to send an abuse report to shut down a scam website. Petscams.com never attempts to shut down the website hosting as the scammer can recreate the website on another hosting in minutes and continue to scam.shut-down-hosting

By doing this, the scammer can continue to scam people even if the website hosting is shutdown repeatedly.

AA419.org is an online group of volunteers who protect the consumer by finding Scam Websites and shutting them down by filing abuse reports. They actively work with registrars to shut down criminal domains.

How do Domain Name Registrars facilitate scammers?

Many Domain Name Registrars do an excellent job. The Endurance Group, Tucows, GoDaddy and Internet.bs can be counted amongst companies that protect consumers by taking swift action to investigate domains registered by criminals with the intention of scamming consumers. For the purpose of this article we are going to focus on another Domain Name Registrar who actively supports online criminals by providing them with a safe haven. Over one third of the websites reported on PetScams are sponsored by Namecheap INC.


Namecheap INC

I think it is worth repeating. Over ONE THIRD of the websites reported as pet scam websites are sponsored by one company. Petscams.com has had over 4,000 scam websites reported since April 2017.

Namecheap is governed by ICANN Registrar Accreditation Agreement 2013 which states that Namecheap must:

take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.

However, Namecheap sometimes takes months to respond to abuse reports with:

….Namecheap acts as the registrar only. It means that our ability to investigate the matter is limited since the content transmitted via the website is not located on our server. Please also note that we do not own the reported domain names, we are simply the company the domain name was registered with. Considering the aforementioned points, we recommend that you contact the hosting provider, who would be in a better position to validate your claims and take the appropriate action.

Additionally, if you believe you are a victim of an Internet crime, or if you are aware of an attempted crime, you can file a complaint through Internet Crime Complaint Center at https://complaint.ic3.gov

 , who are in the best position to fully investigate any such issue across any/all service providers.

This can be surmised as “We sponsor the domain but we refuse to look at the website. We are only concerned with the domain name. Tell someone else”

This is neither “prompt” or “appropriate” and if was true would negate the need for the obligatory abuse contact email as per ICANN.

Multiple accounts

As scammers have found a safe haven with Namecheap INC they will register multiple domains without fear of being shut down. Some domains can eventually be suspended after a prolonged campaign but the scammer will simply buy a new domain using the same account and continue scamming. Namecheap does not recognise that an account with 300 domains, 100 of which have been suspended, belongs to a scammer. Each domain required a concerted effort and multiple abuse reports in order to shut them down.

An example of one such scammer is [email protected] which has registered 92 domains to use in Pet Scams in less than a year. Some have been suspended while others have been allowed to continue including  which was reported on April 20th 2017 here  and is still allowed to scam consumers.

 melaneeter@gmail.com Namecheap scammer

Namecheap’s Poor Excuses – “Please Send Abuse Reports to the Host”

To demonstrate how Namecheap is blatantly disregarding the ICANN Registrar Accreditation Agreement (2013) by not actively investigating reports of abuse, the following registrant that owned 182 fake pet and shipping websites was reported to the company by a concerned citizen in 2019. Note the completely false information used to register the domains:

Registrant Name: Morgan Lorga
Registrant Organization: Anonymouse Host
Registrant Street: Down street Rus
Registrant City: welmshi
Registrant State/Province: North West
Registrant Postal Code: 101000
Registrant Country: RU
Registrant Phone: +7.675552377
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]

Registrant Application Purpose: P1
Registrant Nexus Category: C11

A first question can be deduced from this data: “why does Namecheap not check whether the person registering the domains exists, or for that matter whether the registrant city exists?”

This is how Namecheap responded to these blatant pet scam domains with innacurate registrant data:

….Namecheap acts as the registrar only. It means that our ability to investigate the matter is limited since the content transmitted via the website is not located on our server. Please also note that we do not own the reported domain names, we are simply the company the domain name was registered with. Considering the aforementioned points, we recommend that you contact the hosting provider, who would be in a better position to validate your claims and take the appropriate action.”

Furthermore…

Additionally, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the reported domain names. Examples would be a bounced email or postal mail returned due to an invalid address. If you have a bounced email, please copy and paste it to your reply. In the case of returned postal mail, please scan it converting into a PDF file and send to us via email.”

Namecheap decided to not take any reasonable method of investigation and decided that whatever content was available on the website was not their responsibility, despite the fact that it is their obligation to investigate abuse reports. It would also have taken a 2 minute check to see whether the city of “Welshmi” exists, however, they instead decide that the reporting party has to send a postal mail demonstrating the invalid city.

This leads to a second question: “why don’t you just report it to the host as Namecheap recommended?” There are currently no regulations guiding who can host a website which means that the fraudsters themselves, or close acquaintances that are more tech-savvy, often host the fraudulent websites. An example of one rogue web host can be found here.

Namecheap is happy to take victims reinvested cash used by fraudsters to register more fake websites with, no questions asked.

What to do next?

As well as reporting this to the Registrar it is very important to report this crime to your local Law Enforcment. We have compiled a list of Law Enforcement agencies worldwide.You can find a link (here) as well as reporting wire fraud using money transfer agencies (here).

If you live in the US it is important to report this scam to the BBB. Click here to see why. As well as the Better Business Bureau you should report this crime to the Federal Trade Commission. See Here

9 Responses

  1. Namecheap scamming appears to be even more elaborate. They own WhoIsGuard and give it to their scamming customers for free. That precludes a victim from getting contact information of the scammer. Namecheap has successfully defended this action in court. So a victim needs to go to court to get the ball rolling, which is obviously very expensive. Never thought I would view Facebook as a hero, but I hope it crushes Namecheap and doesn’t settle.

    Reply
  2. Nice work and props for doing so.
    Consider: the majority of folks online are not very savvy on the internet, how it works, and do not go much beyond clicking a Like button and perhaps writing one sentence on occasion. It is no wonder that these scams have always worked for many goods and services and will continue to work.
    Pointing to a registrar and their failure to comply does not help those who have been, are, and will continue to be scammed. Most will click a link, get a reply with a (often stolen) photo of cuteness, and send their funds.
    Go click around craiglist in any city and I'd wager it will take a few minutes to find a scam pet post (there are two in my city right now).
    Not sure what to suggest as a solution: education? A new law? Shutting down places like this one?

    Reply
  3. Pingback: Namecheap and Phishers – Caerdydd Cybersecurity Blog

  4. I reported Namecheap to ICANN. I recommend everyone to do so. Perhaps that, and the Facebook lawsuit, will finally knock them out. Their business model is to enable scammers.

    Reply
    • Thank you for your help! Yes, Namecheap are aware of the massive misuse of their services, but as long as the money keeps coming in they simply do not care. We do have several things in the works that will, hopefully, change the game a bit 🙂

      Reply
  5. I contacted Namecheap because someone cloned my client’s site. They copied the ENTIRE Site including photos and contact info of the staff and Principal/owner of the company but replaced the logo and name of the company with a different fraudulent LLC. The infringing site was attempting to commit financial fraud in the tens of thousands. We sent the proof to NameCheap and contacted them several times and they just stated in an email “abuse confirmed, it’s under investigation” and never did anything about it. Because they have do not have customer support except for online chat which directs you to staff in Ukraine, you can only issue an abuse report that will just sit with zero action. Finally, we worked with one of the potential scam victims and we were able to track down the fraudster. Only after threatening them with immediate legal action did they take down the site. NAMECHEAP needs to be brought down their business practices breeds fraud.

    Reply
  6. There has to be a way to bring down Namecheap. They are complicit by helping the criminals keep their websites active. Maybe they should be reported to the IC3 as well. These websites can not continue to exist. We have to do better.

    Reply
  7. I have been getting many requests to send money for all different type breeds of puppies. I know it is a scam but the only way I can think of how they know to email me is thru craigslist, I guess. Each email is not from a company but from a private party. I did my homework and yes, the addresses given are innocent third parties. I would like to forward these saved emails and send them to a investigator but I have no idea who to send to.

    Reply

Leave a Comment

Your email address will not be published.

Have we helped?

If we have helped to warn you of a scam and you would like to thank us please share this post on social media, like our FaceBook page or follow us on Twitter. .
Sharing this article will increase the chances that a possible victims will see it before paying money to a scammer!