Internet Identity

Part of IID’s Takedown Taekwondo Series

In a previous Takedown Taekwondo post we talked about working with site owners and administrators to get phishing pages removed from their hacked websites. Site owners can be a tremendous help in resolving online fraud incidents, and we always seek out their help whenever possible. But site owners aren’t always easy to track down. They may have used a privacy service when registering their domain, or there may not be any contact information or forms on their website. In such cases, all is not lost. Every site on the Internet is hosted somewhere, and hosting companies, known as webhosts, are another important player in getting fraud removed from the Internet.

A webhost provides server space for customers wanting to make their websites available on the Internet. Hosting companies typically have Terms of Service (TOS) policies that include language about illegal content. The webhost doesn’t want to be associated with criminal activity any more than the innocent site owner does, as non-action may be construed as complicity with the illegal acts. This applies both to paid and free hosted websites.

Free Webhosts=Criminal Abuse

Free webhosts—a service that enables individuals and organizations to make their website available on the Internet free of charge—are routinely abused by cyber criminals. Generally speaking, creating a website on a free webhost’s domain is simple, fast and doesn’t require verifiable information from the person creating the website. People can upload content to their own free subdomain and have their own website live on the Internet within a few minutes.

Phishing sites crop up on these free subdomains quite frequently, thanks to this easy path to getting them online. But the companies providing free websites on subdomains are often very responsive to getting that content removed from their domains. Some webhosts are more responsive than others, but with a little persuasion and explanation about how removing the content actually benefits them, their customers and Internet users as a whole, most see the light and make efforts to remove the content.

Paid Webhosts Can Mean Business Conflicts

Paid webhosts operate just like you might expect. They enable legitimate site owners to host their own website on a provider's servers for a fee. Like free webhosts, these paid websites are typically bound to a Terms of Service agreement that governs how the webhost’s service can be used, and it always bars users from conducting illegal activities. Phishing, malware, and other fraudulent content is prohibited, making it a no brainer for the hosting company when IID’s Fraud Analysts ask them to remove phishing sites from their service. Those phishing sites are typically there because a cyber criminal has hacked the website belonging to a customer of the webhost. The webhost might attempt to contact their customer first, giving them the option of removing the content, or they might simply deny access to the phishing page themselves if their customer is unresponsive or uncooperative. In either case, the phishing site becomes inaccessible to the would-be victims who might have otherwise fallen for the scam.

When hacked site owners aren’t available or able to help thwart fraud on their own sites, webhosts can be immensely helpful. But sometimes even webhosts can’t get the job done. Though their own Terms of Service might dictate that no illegal activity is to be permitted on their service, getting paid webhosts to take action can sometimes be challenging. After all, the webhost has an incentive to keep their service clear of fraud, but also to keep their customer happy and paying. Removing files from their websites, or shutting their websites down altogether can upset a paying customer who is also a victim of the criminal hacker. This doesn’t mean webhosts won’t help, but it might mean they don’t act as quickly as we’d like, sometimes giving their customers 24 hours to resolve the issue before being shut down. When phishing sites are defrauding innocent Internet users, 24 hours is a long time to wait, and IID’s Fraud Analysts work to track down other avenues for removal while that clock ticks.

Seeking help from Internet Service Providers (ISP) is another concurrent step we take to find a party willing to act to fight fraud on the Internet. In an upcoming Takedown Taekwondo post, we’ll discuss how working with ISPs can be another successful step in removing phishing sites from the Web.