The internet is where consumers generally start their search for products and services by researching a provider’s main websites, reviewing their social media pages, and reading reviews from previous customers. But fraud is lurking around every corner on the internet, and lenders are seeing a rise in the creation of fraudulent social media profiles and websites. How can lenders protect consumers, and their brand, from these situations?
Hacked or Fraudulent, What’s the Difference?
Sometimes these terms are used interchangeably to describe a website problem, but it’s important to know that there is a difference between the two terms:
Finding Nefarious Websites & Social Media
Bad characters are working day and night to scam consumers and commit fraud against businesses. The mortgage and personal finance industries are particularly targeted due to the fundamental requirement of collecting personal consumer information for the purposes of a loan or other financial services.
Institutions should be taking the necessary precautions to guard against these threats by utilizing security providers who can discover fraudulent websites or social media profiles when they are created and identify security threats that might compromise their legitimate websites. When a fraudulent or hacked website is discovered, the next step is to determine who really owns the domain name.
Finding Out Who Owns the Domain Name
All domain name registrars, like GoDaddy, NameCheap, Wix, etc., offer a Whois service that lets you look up any domain’s owner and view certain technical details about the website. In most cases, a domain name used for fraudulent purposes will also have fraudulent information listed in the Whois record. If contact information is obviously fake (e.g., phone numbers that start with 555-), this can be helpful information when reporting the website. When you encounter a website with malicious content or malware, you need to reach out to the web hosting company and/or domain name registrar to report the site. It’s important to understand the difference between a domain registrar and a domain hosting company.
If the problem is with the content of the website, you need to report abuse to the domain hosting provider, as registrars typically cannot take action against content hosted elsewhere.
How to Find the Hosting Provider
To discover who the domain hosting provider is, examine the nameservers in the Whois record to find out where a website is hosted. Here’s an example:
Name Server: NS01.hostingcompanyname.TLD
Sometimes the nameservers will make it easy to determine where the website is being hosted. In other cases, the domain names might point to a service which subsequently points to the actual host. If you can’t determine where a site is hosted right off the bat using the nameservers, you can use a tool like WhoisHostingThis.com to get more details.
When to Contact a Domain Registrar
If the domain name itself is being used for fraudulent purposes, such as phishing scams or impersonation, that’s when the domain registrar should be notified. A common scenario is that your main website domain has been hacked and is rerouting consumers elsewhere. You would also contact the registrar if you determined that some of the contact information in Whois for the domain owner has been updated to fake credentials. To identify the registrar, look for it on the Whois record, like the example below:
Registrar: EXAMPLE REGISTRAR LLC
Once identified, visit the registrar’s website and look for an abuse or contact link for assistance.
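The Whois checks described above (registrar, nameservers, obviously fake contact details) can be pulled from a saved record in one pass. This is an added example, not code from the original article; the sample record is constructed, and the field names follow the common "Key: Value" Whois layout, which some registries format differently.

```python
import re
from collections import defaultdict

# Constructed sample in the common "Key: Value" Whois layout. The Registrar and
# Name Server values are the article's placeholders; all others are invented.
SAMPLE_WHOIS = """\
Domain Name: LENDER-LOANS.EXAMPLE
Registrar: EXAMPLE REGISTRAR LLC
Registrar Abuse Contact Email: abuse@registrar.example
Creation Date: 2024-01-15T09:30:00Z
Registrant Phone: +1.5555550147
Name Server: NS01.hostingcompanyname.TLD
Name Server: NS02.hostingcompanyname.TLD
>>> Last update of whois database: 2024-02-01T00:00:00Z <<<
"""

def parse_whois(text):
    """Map lowercase field name -> list of values (Name Server repeats)."""
    fields = defaultdict(list)
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip() and not line.startswith((">>>", "%", "#")):
            fields[key.strip().lower()].append(value.strip())
    return fields

def looks_fake_phone(value):
    """Flag 555 as area code or exchange, the article's 'obviously fake' cue."""
    digits = re.sub(r"\D", "", value)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop the North American country code
    if len(digits) == 10:
        return digits[:3] == "555" or digits[3:6] == "555"
    return digits.startswith("555")

def abuse_summary(text):
    f = parse_whois(text)
    first = lambda key: (f.get(key) or [None])[0]
    nameservers = [ns.lower().rstrip(".") for ns in f.get("name server", [])]
    # Naive hint: the last two labels of a nameserver usually name the DNS or
    # hosting provider. Wrong for suffixes like co.uk or when a proxy is in front.
    hint = sorted({".".join(ns.split(".")[-2:]) for ns in nameservers})
    fake = [f"{k}: {v}" for k, vals in f.items() for v in vals
            if k.endswith("phone") and not k.startswith("registrar")
            and looks_fake_phone(v)]
    return {"domain": first("domain name"), "registrar": first("registrar"),
            "registrar_abuse_email": first("registrar abuse contact email"),
            "nameservers": nameservers, "hosting_hint": hint,
            "suspicious_contact_fields": fake}

if __name__ == "__main__":
    for key, value in abuse_summary(SAMPLE_WHOIS).items():
        print(f"{key}: {value}")
```

The resulting summary gives the registrar and its abuse address for domain-level complaints, and the nameserver hint as a starting point for finding the host for content complaints.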
How to Report Abuse to the Domain
Once you know which company is hosting the site, or the registrar of the domain, go to their website and look for a ‘report abuse or fraud’ link, usually found on a Contact page or in the website footer. When reporting, be sure to include as many of the details you’ve collected as possible, including (but not limited to):
How to Report a Fraudulent Social Media Account
Fraudulent websites are often promoted through fraudulent social media accounts. Each social media platform will have its own reporting process in place, but generally platforms require users to use a "report page" function on their website and then will often request proof similar to what is suggested for reporting to a domain host, as well as proof of trademark ownership, when applicable.
Why a Domain Host or Registrar May Not Take Action
While domain hosts and registrars rely on companies and consumers to bring abuse to their attention, they cannot take action against every single site reported to them. Domain registrars and hosting providers may receive hundreds of abuse reports every week, and reviewing and analyzing each report takes time.
In some cases, there is insufficient information to warrant removing the site, so the reported content may not meet the domain host or registrar’s criteria for removal. In other cases, the company is not the provider of the content in question and therefore cannot take action. Some institutions choose to enlist the help of an Internet Fraud Lawyer to pursue legal remedies for fraudulent or hacked websites.
Plan for the Worst
Organizations should continue to stay vigilant in their efforts against internet fraud. Lenders should leverage monitoring tools, like ActiveComply, to keep an eye out for fraudulent internet activity and have policies & procedures (P&Ps) in place to deal with worst-case scenarios when they are discovered. P&Ps should include responsibilities for specific roles, requirements for announcements of fraud when discovered, remediation processes with consumers, etc.