Trust no one? Do­main names ques­tioned,

New Zealand’s slice of cy­berspace is al­ready far from squeaky clean and it’s about to get less opaque . Tom Pullar-Strecker re­ports.

Sunday Star-Times - - BUSINESS -

The war against scam­mers is not be­ing won and the coun­try’s Do­main Name Com­mis­sion could do more to im­prove con­fi­dence in ‘‘.nz’’ web­sites, cy­ber-safety or­gan­i­sa­tion Net­safe says.

Ex­ec­u­tive di­rec­tor Martin Cocker said Ki­wis shop­pers had a false sense of se­cu­rity about ‘‘.co.nz’’ web­sites, which de­spite ap­pear­ing to have a Kiwi con­nec­tion, could be set up by any­one in the world un­der a fake iden­tity.

Do­main name com­mis­sioner Deb­bie Mon­a­han opened the door to a sig­nif­i­cant con­ces­sion, telling Stuff that the non-profit com­pany could con­sider ran­dom checks on the ‘‘.nz’’ reg­istry to check de­tails pro­vided by web­site own­ers were not fake. Shirley Boys stu­dent Loyal Pate­le­sio fears he may have learnt the hard way that web­sites are not nec­es­sar­ily more trust­wor­thy just be­cause they end in ‘‘.nz’’.

He is wor­ried he will be left $200 out of pocket af­ter or­der­ing a pair of Nike bas­ket­ball shoes through nzs­neaker.co.nz. The shoes were for his birth­day and to use dur­ing a na­tional bas­ket­ball sec­ondary schools com­pe­ti­tion, but he was con­cerned they would not show up af­ter read­ing warn­ings about the site since plac­ing his or­der.

Watch­dog web­site sca­mad­vi­sor.com de­scribed the on­line shoe shop as ‘‘high risk’’ and car­ried com­ments from shop­pers who said they had been over­charged and re­ceived fake goods.

Mel­bourne-based Nike spokes­woman Jamie Wil­liams said it had re­ported nzs­neaker.co.nz to the ‘‘rel­e­vant au­thor­i­ties’’ in New Zealand.

‘‘Coun­ter­feits are likely to be of in­fe­rior qual­ity, and Nike is ob­vi­ously un­able to stand be­hind a coun­ter­feiter’s prod­uct,’’ she said.

Mon­a­han said red flags on nzs­neaker.co.nz in­cluded the fact it used a Hot­mail ad­dress for email con­tact. The pay­ment page where cus­tomers are asked to en­ter their credit card de­tails is not en­crypted.

Ac­cord­ing to Google’s Chrome web browser, that means any credit card in­for­ma­tion en­tered is not se­cure and could be stolen.

Like all ’’.nz’’ web­sites, nzs­neaker.co.nz is sup­posed to pro­vide a con­tact name, ad­dress and phone num­ber which can be searched on­line through the ’’who is’’ reg­is­ter op­er­ated by the Do­main Name Com­mis­sion.

Nzs­neaker says on its web­site that it has ‘‘a unique her­itage span­ning over 35 years’’.

But on­line checks show its web­site was first reg­is­tered with New Zealand’s DNC in 2015 by a ‘‘Chaofeng Wu’’ with an ad­dress in China.

The phone num­ber Wu sup­plied the DNC was not an­swered last week.

‘‘What I can’t un­der­stand is the fact that this web­site is still al­lowed on the in­ter­net,’’ Pate­le­sio said.

Checks by Stuff showed an­other on­line shoe store with a sim­i­lar sound­ing ad­dress, www.nzs­neak­ers.co.nz, had reg­is­tered its web­site to a Robert Ralph – us­ing the ad­dress and main re­cep­tion phone num­ber of the Mar­riott Ho­tel on New York’s Times Square.

Mon­a­han said the DNC did not ver­ify the de­tails web­site own­ers sup­plied un­less it re­ceived a com­plaint, in which case it would fol­low up and cancel the do­main if they weren’t cor­rected.

But Cocker be­lieved it should con­duct more checks.

‘‘I would like to see the DNC do ev­ery­thing it can to main­tain the in­tegrity of do­main names – not just the tech­ni­cal in­tegrity but to build con­sumer con­fi­dence that if you are reg­is­tered with a ‘.co.nz’ ad­dress that at least in­for­ma­tion about you is ver­i­fied,’’ he said.

‘‘Most peo­ple think that be­cause some­thing has a ‘.co.nz’ ad­dress, it is a New Zealand busi­ness, but the ad­dress gives you no real in­for­ma­tion about the lo­ca­tion of the com­pany.’’

The re­sult was ‘‘ab­so­lutely’’ a false sense of se­cu­rity, he agreed.

‘‘When it comes to on­line scams and fraud, we are re­ally strug­gling as a com­mu­nity to come up with any se­ri­ous re­sponse,’’ Cocker said.

‘‘We are not get­ting suc­cess­ful pros­e­cu­tions. We are not pre­vent­ing peo­ple fall­ing for scams, and we have got an en­vi­ron­ment that en­ables peo­ple to pop up scam sites and then dis­ap­pear.

‘‘We have good progress with things like cy­ber-bul­ly­ing and this is the next thing we re­ally need to fo­cus on.

‘‘We have en­tered into an era with the in­ter­net where we are look­ing to build con­fi­dence in the in­fra­struc­ture and busi­nesses – that is a re­spon­si­bil­ity for all of us now.’’

Mean­while, a DNC pol­icy change that will take af­fect next month will make web­site own­er­ship more opaque.

From Novem­ber 28, reg­is­trants who are set­ting up non­com­mer­cial web­sites have the op­tion of leav­ing their de­tails off the ‘‘who is’’ data­base al­to­gether to pro­tect their pri­vacy.

Al­though com­mer­cial web­site own­ers are not sup­posed to have that op­tion, the DNC has ac­knowl­edged it won’t be able to tell whether the ex­clu­sion should ap­ply or not at the time of reg­is­tra­tion.

Cocker said he un­der­stood the pri­vacy con­cerns be­hind the pol­icy, but it ‘‘cer­tainly didn’t help’’ or­gan­i­sa­tions such as Net­safe and the po­lice who might want to mon­i­tor and in­ves­ti­gate web­sites.

‘‘It is go­ing to add an ex­tra step to that process.’’

There are more than 680,000 ‘‘.nz’’ web ad­dresses.

Mon­a­han said it would not be ap­pro­pri­ate for the DNC to act as ’’judge and jury’’ by polic­ing their ac­tiv­i­ties as that would give the DNC ‘‘too much power’’. But it did take down ‘‘one or two’’ sites a month in re­sponse to com­plaints about breaches of its rules.

Reg­is­ter­ing ‘‘.nz’’ sites is a big earner for the DNC’s owner, non­profit so­ci­ety In­ter­netNZ, which last year raked in more than $10 mil­lion in ’’.nz’’ web­site reg­is­tra­tion fees.

But only $2m of that went to the DNC, and Mon­a­han said the DNC was con­strained by the fact it was a small com­pany with only six staff.

Other big ex­penses for In­ter­netNZ in­clude com­mu­nity ini­tia­tives and lob­by­ing.

Mon­i­tor­ing one in 100 sites each year to check reg­is­tra­tion de­tails were cor­rect ‘‘might very well be some­thing we would look at’’, but at the mo­ment the DNC was ‘‘quite busy’’, Mon­a­han said.

She said it was plan­ning an ‘‘in­for­ma­tion cam­paign’’ around its Novem­ber pol­icy change which she ex­pected would make peo­ple more aware of their rights to com­plain about fake reg­istry de­tails.

The DNC could add its own phone num­ber to its own web­site – in ad­di­tion to its email ad­dress – to make it eas­ier to con­tact, she agreed.

SAFETY CHECK

- Does the web­site pub­lish an ad­dress and phone num­ber so you know you can con­tact them if there is an is­sue?

- En­ter the web­site name into a watch­dog ser­vice such as sca­mad­viser.com.

- Check for a pad­lock or key sym­bol in the ad­dress bar or else­where in your browser be­fore key­ing in your credit card de­tails.

There is lit­tle to stop un­scrupu­lous traders from reg­is­ter­ing ‘‘.nz’’ or other web­sites un­der false names with fake con­tact in­for­ma­tion.

GRAHAME COX/STUFF

Martin Cocker says we are strug­gling to re­spond to scams.

Newspapers in English

Newspapers from New Zealand

© PressReader. All rights reserved.