Reining in the Fraudsters: Policing Scam Websites

Police and law enforcement continue to battle online fraud, which has seen a surge in recent years, with scammers exploiting internet use in areas like shopping and dating since the COVID-19 pandemic.

Despite law enforcement’s efforts and significant progress in cracking down on malicious websites, many individuals who rely on the digital world for vital services remain vulnerable to online scams.

Speaking to Infosecurity, Detective Sergeant Andrew Masterson, Police Intellectual Property Crime Unit (PIPCU)’s Disruptions and Engagement Lead, noted: “There was already a high volume of online crime pre COVID-19, although a surge of users during the pandemic opened an opportunity for criminals to exploit those who would usually purchase items in person.”

This trend has substantially increased opportunities for online scammers. A poll published by the charity Citizens Advice in 2022 found that over three-quarters of UK adults were targeted by online fraudsters, while research in February 2023 by F-Secure showed that around a fifth of Brits have fallen victim to online scammers.

A major component of online scams is the use of fake and counterfeit websites. These use current events, from COVID-19 vaccines to government support schemes, to lure victims.

During the COVID-19 lockdowns, organized crime groups involved in areas like drugs and armed robberies “exponentially” shifted to online fraud, said Neil Sinclair, formerly National Cyber Lead of the Police Digital Security Centre in the UK, speaking during the UK Cyber Week conference in April 2023.

“What they could suddenly do was rake out £15, £100, £250 from people to get a COVID test or password,” he explained. “Hundreds of thousands of people fell for that because they were panicked.”

Sinclair also noted that there has been a marked rise in sites that impersonate well-known brands and websites. This includes sites that allowed users to download interactive maps showing where COVID was spreading.

“John Ruskin University, which was at the center of all this information, their website and mapping was copied hundreds of times by criminals and we were downloading it, thinking that we were doing the right thing,” he told the audience.

Since then, Sinclair said that concerning topical issues, such as the cost-of-living crisis, have been heavily utilized to entice victims to scam websites.

Taking on the Scammers

In response to these ongoing threats, private companies and law enforcement have ramped up efforts to disrupt fraudsters’ activities, including identifying and taking down malicious websites. For example, during the early stages of the COVID-19 pandemic, North American domain registration companies took action to combat websites linked to coronavirus-related fraud.

In the UK, the organization responsible for the management and security of the .uk domain name, Nominet, has taken a number of steps to take down and prevent malicious websites from being created in the first place.

Initiatives include the use of tools such as Nominet’s machine learning solution, Domain Watch, which scores the likelihood of a domain being used for phishing based on a range of predefined words or phrases.

An arguably even more crucial component is partnerships, whereby intelligence is used to identify suspicious activity. Nominet works closely with its registrars to try and prevent criminal activity occurring.

Steve Herbert, head of service delivery at Nominet, told Infosecurity: “If a registrar has a high number of suspensions, we’ll feed that information back and engage in a dialogue with them about what might be going wrong and how we can help.”

Another important collaboration is with law enforcement, including the PIPCU, which has led to many malicious websites being taken down following requests from the police.

“These relationships give us a two-way dialogue to discuss potentially malicious activities in depth, and how to tackle them together,” Herbert noted.

PIPCU’s Masterson emphasized the importance of law enforcement gathering intelligence from a range of sources, noting that criminal gangs involved in online scams are often involved in multiple illegal activities. This means working with experts in the private sector who have access to large amounts of intelligence which the PIPCU seeks to connect with.

Masterson noted: “Research has shown that criminals act within poly crime types and in several product areas. PIPCU seeks to target high harm offenders who would seek to profit from not only deceiving the public, but also by selling them harmful products and profiting from it. We can link this crime type to a wide variety of victim harm crimes, such as modern day slavery, sexual exploitation, drugs and gun crime.”

Encouragingly, these efforts appear to be having an impact. Figures published by Nominet in March 2023 found that 2106 domains were suspended due to criminal activity in 2022, representing a 49% reduction on the previous year.

The study also found that fewer criminals are using the .uk registry for counterfeiting purposes, with PIPCU reporting just 1083 domains from November 1, 2021 to October 31, 2022. This is a result of PIPCU’s work in mapping organized crime groups specifically targeting consumers on the internet relating to counterfeit goods and fraud.

A Game of Cat and Mouse

Despite the progress in tackling malicious domains, scammers continue to evolve their techniques to overcome mitigation practices. Herbert said there has recently been a shift away from crude “smash and grab” activities, such as fake shops, towards “more slow and subtle activity that tries to go under the radar.”

He also noted that the growth of AI programs is enabling criminals to create websites and communications that look more realistic.

For example, OpenAI’s ChatGPT, which became publicly available in November 2022, is expected to be leveraged by cyber threat actors to launch sophisticated attacks, including malware development and convincing social engineering scams.

Another trend observed by Herbert is that cyber-criminals are getting better at faking registrants’ IDs, which are required to purchase a domain. “We need to ensure that our verification processes are up to scratch at the point of registration, and this is something that we’re continually improving, and it remains robust,” he added.

Strengthening Mitigations

Against this backdrop, law enforcement and relevant stakeholders must continuously expand intelligence sharing and the use of innovative tools to track and monitor suspicious websites.

Additionally, public awareness and education remain a crucial weapon in the fight against online fraud, as some scam websites will inevitably slip through the net.

Herbert highlighted Nominet’s work in using the landing pages of suspended websites to share advice and information for people who may have been a victim, rather than simply leaving an error message.

Masterson said that public awareness campaigns, such as the ‘Take Five to Stop Fraud’ initiative, are playing a crucial role in educating people about how to be more aware of criminal activity online.

“As we continue to raise awareness, we are finding the public already has a wider awareness of what to check and look for to protect themselves. Before purchasing online, the public checks the sites they are using and are aware of the process to challenge and report,” he outlined.

With the game of cat and mouse between attackers and defenders set to continue for the foreseeable future, it’s crucial that relevant organizations don’t rest on their laurels and work to keep up with fraudsters’ evolving techniques.
