Dealing with Fraudulent or Hacked Websites and Social Media

The internet is where consumers generally start their search for products and services by researching a provider’s main websites, reviewing their social media pages, and reading reviews from previous customers. But fraud is lurking around every corner on the internet, and lenders a seeing a rise in the creation of fraudulent social media profiles and websites. How can lenders protect consumers, and their brand, from these situations?

Hacked or Fraudulent, What’s the Difference?

Sometimes these terms are used interchangeably to describe a website problem, but it’s important to know that there is a difference between the two terms:

• Hacked Websites
  Hacked websites prey on existing websites and the consumers who visit them often. Hacking occurs when a consumer visits an existing website they are familiar with and one day it starts forwarding to another domain. In this scenario, the true website owner may have rerouted the page, but there is also a good chance that the website itself or the domain name has been hacked. Hackers try to find vulnerabilities in popular website software that lets them forward traffic from the legitimate site to one that tries to install malware or get personal consumer information.

• Fraudulent Websites
  Fraudulent websites are any illegitimate websites created to deceive consumers into fraud or malicious attacks. These new websites may look legitimate by imitating an established companies branding, but these sites have been created outside of those organizations to lure consumers into surrendering vital information or opening their systems up to malicious software (malware).

Finding Nefarious Websites & Social Media

Bad characters are working day and night to scam consumers and commit fraud against businesses. The mortgage and personal finance industries are particularly targeted due to the fundamental requirement of collecting personal consumer information for the purposes of a loan or other financial services.

Institutions should be taking the necessary precautions to guard against these threats by utilizing security providers who can discover fraudulent websites or social media profiles when they are created and identify security threats that might compromise their legitimate websites. When a fraudulent or hacked website is discovered, the next step is to determine who really owns the domain name.

Finding Out Who Owns the Domain Name

All domain name registrars, like GoDaddy, NameCheap, Wix, etc., offer a Whois service that lets you look up any domain’s owner and view certain technical details about the website. In most cases, a domain name used for fraudulent purposes will also have fraudulent information listed in the Whois record. If contact information is obviously fake (e.g., phone numbers that start with 555-), this can be helpful information when reporting the website. When you encounter a website with malicious content or malware, you need to reach out to the web hosting company and/or domain name registrar to report the site. It’s important to understand the difference between a domain registrar and a domain hosting company.

• A Domain Host is an internet service that manages your domain name, such as, example.com. Domain hosts use Domain Name System (DNS) records to connect your domain name with email, websites, and other web services.
• A Domain Registrar can act as “pointers” to websites but don’t always also host the actual content. For example, people who register domain names with Namecheap can use other companies to actually host their content. They tell Namecheap where to point their domain to reach their content. It’s helpful to think of the domain as the street address and the hosting provider as the actual house.

If the problem is with the content of the website, you need to report abuse to the domain hosting provider, as registrars typically cannot take action against content hosted elsewhere.

How to Find the Hosting Provider

To discover who the domain hosting provider is, examine the nameservers in the Whois record to find out where a website is hosted. Here’s an example:

Name Server: NS01.hostingcompanyname.TLD

Sometimes the nameservers will make it easy to determine where the website is being hosted. In other cases, the domain names might point to a service which subsequently points to the actual host. If you can’t determine where a site is hosted right of the bat using the nameservers, you can use a tool like WhoisHostingThis.com to get more details.

When to Contact a Domain Registrar

If the domain name itself is being used for fraudulent purposes, such as phishing scams or impersonation, that’s when the domain registrar should be notified. A common scenario is that your main website domain has been hacked and is rerouting consumers elsewhere. You would also contact the registrar if you determined that some of the contact information in Whois for the domain owner has been updated to fake credentials. To identify the registrar, look for it on the Whois record, like the example below:

Registrar: EXAMPLE REGISTRAR LLC

Once identified, visit to the registrar’s website and look for an abuse or contact link for assistance.

How to Report Abuse to the Domain

Once you know which company is hosting the site, or the registrar of the domain, go to their website and look for a ‘report abuse or fraud’ link, usually found on a Contact page or in the website footer. When reporting, be sure to include as many of the details you’ve collected as possible, including (but not limited to):

• Specific information describing why you believe the website is fraudulent or has been hacked
• The specific URLs for the website in question
• Screenshots if applicable
• Full email headers and content for fraudulent or abusive emails
• Specific details on which Whois information is inaccurate

How to Report Fraudulent Social Media Account

Fraudulent websites are often promoted through fraudulent social media accounts. Each social media platform will have their own reporting process in place, but generally platforms require users to use a "report page" function on their website and then will often request proof similar to what is suggested for reporting to a domain host, as well as proof of trademark ownership, when applicable. 

Why a Domain Host or Registrar May Not Take Action

While domain hosts and registrars rely on companies and consumers to bring abuse to their attention, they cannot take action against every single site reported to them. Domain registrars and hosting providers may receive hundreds of abuse reports every week, reviewing and analyzing each report takes time.

In some cases, if there is insufficient information to warrant removing the site then the reported content may not meet the domain host or registrar’s criteria for removal. In other cases, the company is not the provider of the content in question and therefore cannot take action. Some institutions chose to enlist the help of an Internet Fraud Lawyer to pursue legal remedies for fraudulent or hacked websites.

Plan for the Worst

Organizations should continue to stay vigilant in their efforts against internet fraud. Lenders should leverage monitoring tools, like ActiveComply, to keep an eye out for fraudulent internet activity and have policies & procedures in place to deal with worst case scenarios when they are discovered. P&Ps should include responsibilities for specific roles, requirements for announcements of fraud when discovered, remediation processes with consumers, etc.