November 15, 2020
Following the multiple attempts to trick Armenian users into going to the fake Himnadram.org websites, our good friend and digital security expert Garen Melikyan has prepared this useful guide on how to bring down fake or phishing websites․
Actions Needed:
Please see below steps to follow when bringing down a phishing website.
This is guidance from ICANN (Internet Authority).
How to bring down a phishing website impersonating a website and domain
1) If you are not the owner of the website, find contact information of the website owners and contact them via all means possible including social media.
2) Post about the problem on Armenian Social media groups dedicated to Cyber Security.
https://www.facebook.com/groups/OWASP.Armenia
https://www.facebook.com/groups/cybergatesarmenia
3) Perform whois search on the offending website
To identify who is the website hosting company you need to perform whois search on you domain
Guide on how to perform whois:
https://www.inmotionhosting.com/support/domain-names/how-to-look-up-domain-whois/
4) Report a complaint to the registrar of the domain name
EXAMPLE: If your whois search identified the hosting company – example www.namecheap.com
Registrar URL: http://www.namecheap.com
Registrar Abuse Contact Phone: 12345678909
To report abuse : https://www.namecheap.com/support/knowledgebase/article.aspx/9196/5/how-and-where-can-i-file-abuse-complaints
5) Do a social media (linkedin.com) search for executives of the domain registrar and contact them directly if possible.
Do not send anything offensive, just factual information.
6) Report a complaint to the law enforcement agency in your jurisdiction
Guidance for Preparing Domain Name Orders, Seizures & Takedowns: https://www.icann.org/en/system/files/files/guidance-domain-seizures-07mar12-en.pdf
For US: https://complaint.ic3.gov/
For Europe: https://www.europol.europa.eu/report-a-crime/report-cybercrime-online
For UK: https://www.actionfraud.police.uk/
For Armenia: https://www.police.am/en/home.html
7) Report a complaint with the consumer protection agency in your jurisdiction.
You will find the list of consumer agencies that are Members of ICPEN on this page: https://www.icpen.org/resolve-dispute
For Armenia: http://www.competition.am/
8) Report a complaint through the Anti-Phishing Working Group (APWG) website’s Report Phishing page (https://apwg.org/contact-us/)
9) Report a complaint to the registry of the domain extension
(You may find the contact details of .COM and .NET registries here: https://www.iana.org/domains/root/db)
Information on other domain registrars can be located on the Internet.
– Report a complaint to the registrar of the domain name
– If someone has registered a domain name that you believe infringes on your trademark, you may consider filing a Uniform Domain Name Dispute Resolution Policy (UDRP) proceeding against the registrant of that domain.
The UDRP provides a mandatory, low-cost administrative procedure to resolve claims of abusive, bad faith domain name registration. In other situations, disputes may need to be resolved by traditional means such as voluntary negotiation and lawsuits.
If you have questions relating to the fees and filing of the UDRP complaint, you will need to contact one of the approved dispute resolution providers (https://www.icann.org/resources/pages/providers-6d-2012-02-25-en) for assistance.
The following are useful links for reference.
Rules for Uniform Domain Name Dispute Resolution Policy
https://www.icann.org/resources/pages/udrp-rules-2015-03-11-en
Information on ICANN’s Uniform Domain Name Dispute Resolution Policy