
ICANN's Internet Domain Review aids Fraudsters

Editorial Staff

ICANN is the global supervisory body for internet domains. But it's a commercial concern, given the nod by, primarily, the US government. Its failure to take steps to prevent the registration of fraudulent domains is spectacular, but that pales against its dismal performance when an obviously fraudulent domain is reported. We know. We tested it when a fraudster registered and used a domain designed to appear as belonging to HM Revenue and Customs (see Fraud / phishing scam uses "close enough" UK Revenue domain). The US Government conspires to facilitate widespread internet crime.


On 25th January 2017, we received a spam-scam from a domain that purported to be that of the UK's tax office, Her Majesty's Revenue and Customs. The fake domain incorporated the initials of the UK Government's in-house PR agency, GIS. Even more interestingly, it included, as its last three letters, "gov". HMRC does release information via GSI from the domain hmrc.gsi.gov.uk. GSI issued a statement regarding fraudulent e-mails and requested that such e-mails be sent to the phishing team at phishing@hmrc.gsi.gov.uk. The fraudulent domain was hmrcgsigov.com. Spot the similarities.

On that day, we attempted to report the fraudulent domain to ICANN.

We immediately came up against a problem: despite the widespread use of domain names as vehicles for fraud and other crimes, ICANN does not have a specific, directly accessible, place to report fraudulent domains. It is necessary to choose one of several not-quite-what-you-want reporting forms.

In the absence of an appropriate form, we chose to file an "inaccuracy report." There is a copy of our report below.

Inaccuracy report filed 25 January 2017.

The problem summary:

Domain being reported: hmrcgsigov.com

Time of submission/processing: Wed Jan 25 02:25:33 2017

Problem in whois block: Expiration Date
--- Error in date: Nothing to report

Problem in whois block: Technical Contact
--- Error in address: Nothing to report
--- Error in phone number: Nothing to report
--- Error in name: Nothing to report
--- Error in email: Nothing to report
--- Error in fax number: Nothing to report

Problem in whois block: Registrant Contact
--- Error in address: Nothing to report
--- Error in name: Nothing to report
--- Comment: The registration data seems to be fraudulent. However, the significant issue is that the domain itself is a fraudulent creation.

Problem in whois block: Registration Date
--- Error in date: Nothing to report

Problem in whois block: Administrative Contact
--- Error in address: Nothing to report
--- Error in phone number: Nothing to report
--- Error in name: Nothing to report
--- Error in email: Nothing to report
--- Error in fax number: Nothing to report

The whois at the time of processing is:

REGISTRAR WHOIS:

Domain Name: HMRCGSIGOV.COM
Registry Domain ID: 2091326326_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2017-01-19T13:46:17Z
Creation Date: 2017-01-19T08:57:04Z
Registrar Registration Expiration Date: 2018-01-19T08:57:04Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Domain Status: clientTransferProhibited https://icann.org/epp#clientTr...
Registry Registrant ID: Not Available From Registry
Registrant Name: den
Registrant Organization:
Registrant Street: 34 South Molton street
Registrant City: London
Registrant State/Province: London
Registrant Postal Code: W1K 5RG
Registrant Country: GB
Registrant Phone: +44.24535856
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: jetjoylinkss@yahoo.com
Registry Admin ID: Not Available From Registry
Admin Name: den
Admin Organization:
Admin Street: 34 South Molton street
Admin City: London
Admin State/Province: London
Admin Postal Code: W1K 5RG
Admin Country: GB
Admin Phone: +44.24535856
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: jetjoylinkss@yahoo.com
Registry Tech ID: Not Available From Registry
Tech Name: den
Tech Organization:
Tech Street: 34 South Molton street
Tech City: London
Tech State/Province: London
Tech Postal Code: W1K 5RG
Tech Country: GB
Tech Phone: +44.24535856
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: jetjoylinkss@yahoo.com
Name Server: ns1.hmrcgsigov.com
Name Server: ns2.hmrcgsigov.com
DNSSEC:Unsigned
Registrar Abuse Contact Email: abuse-contact@publicdomainregi...
Registrar Abuse Contact Phone: +1.2013775952
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

Last update of WHOIS database: 2017-01-25T02:30:04Z

As readers can see, we were unable to report e.g. fraudulent addresses (although local knowledge told us that it was unlikely that the London address given was accurate).

What we were actually reporting was that the domain name itself was fraudulent, but the only place to do that is in a free-form note.

This means that our note can be identified only by the note being read (e.g. by searches for keywords that ICANN sets) and not automatically fast-tracked to a department dealing with fraud.

Fast (sarcasm) forward to today, more than two months after that report. We have received a reply that says "Thank you for submitting a Whois Inaccuracy complaint concerning the domain name hmrcgsigov.com. ICANN has reviewed and closed your complaint because:

- A complaint regarding the same domain name or top-level domain is currently being processed... ICANN considers this matter now closed."

The fraudsters created the account only six days before we received the spam and reported it. We very much doubt that we were in the first wave of victims.
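The "close enough" naming pattern and the six-day gap between registration and the spam can both be checked mechanically from the data in the report. The following is an added example, not part of the original article: it flags a registered domain whose first label contains the dot-stripped labels of a protected hostname and computes the domain's age from the WHOIS Creation Date. The function names and the protected-host list are assumptions made for illustration.

```python
from datetime import date, datetime

# Constructed excerpt of the WHOIS record reproduced in the report above.
WHOIS_SAMPLE = """\
Domain Name: HMRCGSIGOV.COM
Updated Date: 2017-01-19T13:46:17Z
Creation Date: 2017-01-19T08:57:04Z
Registrar IANA ID: 303
"""

PROTECTED_HOSTS = ["hmrc.gsi.gov.uk"]  # genuine hostname named in the article


def parse_whois(text):
    """Map each 'Key: value' line to its value, skipping empty fields."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record[key.strip()] = value.strip()
    return record


def collapsed_prefixes(host):
    """'hmrc.gsi.gov.uk' -> ['hmrcgsigovuk', 'hmrcgsigov', 'hmrcgsi']."""
    labels = host.lower().split(".")
    return ["".join(labels[:n]) for n in range(len(labels), 1, -1)]


def lookalike_of(domain, protected=PROTECTED_HOSTS):
    """Return the protected host whose dot-stripped labels appear in the
    first label of a registered domain (e.g. 'example.com'), else None."""
    label = domain.lower().split(".")[0].replace("-", "")
    for host in protected:
        if any(prefix in label for prefix in collapsed_prefixes(host)):
            return host
    return None


def assess(whois_text, seen_on):
    """Report what the domain imitates and its age when the mail was seen."""
    rec = parse_whois(whois_text)
    domain = rec["Domain Name"].lower()
    created = datetime.strptime(rec["Creation Date"], "%Y-%m-%dT%H:%M:%SZ").date()
    return {"domain": domain,
            "imitates": lookalike_of(domain),
            "age_days": (seen_on - created).days}


if __name__ == "__main__":
    print(assess(WHOIS_SAMPLE, date(2017, 1, 25)))
```

A mail gateway or brand-monitoring job could run the same two checks on sender domains and quarantine mail where a lookalike match coincides with a registration only days old.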

The domain is down but we do not have any information as to when it went down.

The fact is that unless ICANN acted within hours of our notice, then there are likely to have been more victims. If, as seems likely, it has taken them several weeks to act, then the number of victims could be substantial.

ICANN's failure to protect internet users from fraudsters is a disgrace. Its recent attempts to verify addresses are clearly not working, or this address would have failed to launch.

There are many steps it can take to frustrate the issue of fraudulent domains and/or their use. It chooses not to, and the US Government, which primarily empowers ICANN, conspires with the industry to avoid the necessary steps.