CIRA investigating dot-ca phishing scammers, CEO says

The Canadian Internet Registration Authority (CIRA) is working with police to investigate a phishing scam that targeted dot-ca domain owners, according to its CEO Byron Holland.

The PayPal page set up by the scammers to collect payments from unsuspecting Web site owners has also been taken down, Holland says. Last week, CIRA posted a warning that a site called Renewdomain.ca was sending out fake e-mail renewal notices to dot-ca registrants. Those who clicked through on the link were encouraged to pay up to renew their Web domain – but the site was a fraud, CIRA alleges, taking payment for no real service.

CIRA worked with the registrar used to operate Renewdomain.ca to take the site down last week. It’s not sure who is behind the scam, but is investigating the matter with police.

“We take it very seriously,” Holland tells ITBusiness.ca in a phone interview. “Having a secure domain space is critical to what we do. It’s woven into our DNA and our mandate.”

These sorts of scams don’t happen often, he adds. “Is it possible for someone to try and operate a scam in the dot-ca space? Yes it is.” When CIRA does become aware of scams, it immediately responds and involves the police.

In this case, Renewdomain.ca was not a CIRA certified registrar and merely posing as one in hopes of collecting payment from Web site owners not paying close attention, or who perhaps don’t remember who their original registrar is in the first place. But it’s not the first time CIRA has seen the lack of awareness dot-ca holders have of their registrars seized upon by opportunists.

CIRA revoked the licence of Markham-based Brandon Gray Internet Services Inc. on Jan. 28, 2011 so it could no longer sell dot-ca addresses. The root of the problem lay in the activities of the one of Brandon Gray’s resellers, the Domain Registry of Canada (DROC). CIRA accused, in court, DROC of sending misleading solicitations to domain owners.

But DROC is still selling dot-ca domains today, now a reseller of eNom Inc. That’s the registrar that is responsible to CIRA, Holland says.

“We hold them fully accountable,” he says. “So if there are any bad actors, or dot-cas are sold improperly, then they will be held to account.”

It’s also up to Web site registrants to be aware of possible scams and to educate themselves about how to avoid these scenarios, Holland adds. CIRA’s Web site offers a knowledge centre with a cyber security consumer tip sheet and other resources.

Holland’s own advice on avoiding scams online? If you receive an unsolicited e-mail asking for money, think twice. Don’t click on links in the e-mail, but go to the site in question independently and check on the status of your account.

Brian JacksonBrian Jackson is the Editor at ITBusiness.ca. E-mail him at bjackson@itbusiness.ca, follow him on Twitter, connect on , read his blog, and check out the IT Business Facebook Page.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Brian Jackson
Brian Jacksonhttp://www.itbusiness.ca
Editorial director of IT World Canada. Covering technology as it applies to business users. Multiple COPA award winner and now judge. Paddles a canoe as much as possible.

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.