Scams and identity theft, the experience of a SYRELI reporter

Current trends

For some time the SYRELI College has noted that holders of domain names register domain names similar to company names (“ndd.fr*”) that they then use to create e-mail addresses of the type “billing@ndd.fr”, “contact@ndd.fr”, “info@ndd.fr” etc.

Using these email addresses, the same holders contact companies to be given supposedly lost passwords or even open customer accounts to place orders with suppliers. Orders placed are then billed to the names of companies whose corporate names have been usurped when the goods have been delivered to the holders of the similar domain names.

The Law

Article 313-1 of the French Criminal Code of Law provides that: “Fraud is the de facto use of a false name or under false pretences, or the misuse of a genuine status, or the use of fraudulent procedures, in order to deceive an individual or corporate entity and thus persuade same, to its own prejudice or to the prejudice of a third party, to transfer funds, securities or property, provide a service or consent to an act incurring or discharging an obligation.

Fraud is punishable by five years imprisonment and a fine of 375,000 euros.”

The SYRELI response

Companies that are victims of this type of situation submit a SYRELI application on the platform and the related evidence such as:

• Screenshots of web pages to which the domain name refers if the pages contain the mailing address of the corporate victim as well as the contact email address using the domain name info@ndd.fr;

• Screen captures of emails received by providers when these emails demonstrate the steps taken by the owner using the domain name based on the lastname.firstname@ndd.fr model in order to open accounts in the name of the corporate victim and place orders to be billed to the mailing address of the corporate victim and to be delivered to an ad hoc address;

• Exchanges of emails with partners of the corporate victim contacted via an email address constructed on the firstname.lastname@ndd.fr model in which the first and last name are those of a representative of the corporate victim (director, president, manager, sales manager, etc.);
• Job offers disseminated by the holder for the packaging, receipt and dispatching of home work parcels distributed over the Internet and by e-mail on behalf of the corporate victim using a contact email address referencing the domain name based on the recruitment@ndd.fr model;
• A copy of the complaint from the corporate victim for fraud upon receipt of invoices, payment reminders and prosecution for the payment of orders placed by the holder of the domain name.

When the documents filed on the platform allow the SYRELI College to verify that the domain name is liable to infringe a right guaranteed by law and in particular that governed by Article 313-1 of the Criminal Code of Law which defines the act of fraud, then the SYRELI College considers that the corporate victim has demonstrated the bad faith of the holder of the domain name as defined in Article R. 20-44-46 of the French Electronic Communications and Telecommunications Act (CPCE), and decides that the name domain does not comply with the provisions of Article L. 45-2 of the CPCE.

The corporate victim then obtains what it has requested from the SYRELI College, i.e. either the transmission or the deletion of the domain name.

Turning the tables

These usurpers typically register their domain names without complying with the Afnic naming charter and rules for registering French TLDs. Specifically, rather than comply with paragraph 86, which requires that all holders of domain names indicate exact identifiers, they indicate the postal addresses of the representatives of the corporate victims.

However, holders gain access to the SYRELI platform by sending the access codes to the email and postal addresses indicated by the holder of the domain name.

In this way the corporate victim is notified at its postal address of the opening of the SYRELI procedure concerning the holder. Using the codes enabling access to the platform of the holder, it replies as the holder thereby proving that the contact information in the whois database is its own, apart from the email address.

In its reply, the corporate victim indicates it has not registered the domain name and requests its transfer to the applicant in the SYRELI procedure, which amounts to a request for a transfer from the company to itself!

In doing so, the representatives of corporate victims have the last word!

* ndd.fr in this case is a fictitious domain name used as an example unrelated to that registered by its holder