Feedback scammers attempting to extort millions from 5,000 major companies

Only you can fix this, ICANN!

David Bisson (@DMBisson)


Scammers are leveraging the promise of customer feedback as part of a scheme to extort US $3 million from 5,000 major companies.

This newest ruse boils down to ICANN’s decision to create the .feedback top-level domain (TLD). Sure, companies can use the TLD to set up a website where they can invite users to comment on the services they provide. But that’s assuming they’re the first to register a .feedback domain for their brand.

To illustrate, take a look at the following image:

[Image: screenshot of “google.feedback”]

The above graphic is a screenshot of google.feedback. While the domain bears Google’s name, the Mountain View-based tech giant had nothing to do with setting up the website. It’s the work solely of scammers.

These individuals have registered .feedback domains for 5,000 major companies. Visitors to those websites can submit feedback that the victim companies can’t automatically view. Indeed, many businesses probably don’t know the sites even exist.
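Since the article's point is that most affected companies never learn that a `<brand>.feedback` site exists, the natural defensive step is to look. The following is an added example, not code from the article or from any registrar: it builds the candidate `.feedback` name for each brand you own, resolves it, and classifies the result as unregistered, hosted on an address you control, or hosted by a third party. The brand names, the `203.0.113.x`/`198.51.100.x` addresses and the `owned_addresses` set are constructed placeholders; the resolver is injectable so the check can be exercised offline.

```python
"""Check whether someone has registered <brand>.feedback for the brands you own.

Added example (not from the article). DNS resolution is used as the signal: a
name that resolves has been registered and is serving something. A name that
does not resolve may still be registered but parked, so treat "unregistered"
as "not currently serving", and confirm with the registry's RDAP/WHOIS data.
"""
import socket
from typing import Callable, Dict, Iterable, List, Optional, Set

# A resolver maps a hostname to one address string, or None if it does not resolve.
Resolver = Callable[[str], Optional[str]]


def dns_resolve(hostname: str) -> Optional[str]:
    """Return the first address the system resolver gives for hostname, or None."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return None
    return infos[0][4][0] if infos else None


def brand_label(brand: str) -> str:
    """Normalise a brand name into a DNS label: lowercase, letters/digits/hyphens only."""
    label = "".join(ch for ch in brand.lower() if ch.isalnum() or ch == "-")
    return label.strip("-")


def check_feedback_domains(
    brands: Iterable[str],
    resolve: Resolver = dns_resolve,
    tld: str = "feedback",
) -> Dict[str, Optional[str]]:
    """Map each candidate <brand>.<tld> name to the address it resolves to (None if it does not)."""
    results: Dict[str, Optional[str]] = {}
    for brand in brands:
        label = brand_label(brand)
        if not label:
            continue  # nothing usable left after normalisation
        fqdn = f"{label}.{tld}"
        results[fqdn] = resolve(fqdn)
    return results


def classify(results: Dict[str, Optional[str]], owned_addresses: Set[str]) -> Dict[str, str]:
    """Label each name: 'unregistered', 'own' (resolves to an address you control) or 'third-party'."""
    verdicts: Dict[str, str] = {}
    for fqdn, addr in results.items():
        if addr is None:
            verdicts[fqdn] = "unregistered"
        elif addr in owned_addresses:
            verdicts[fqdn] = "own"
        else:
            verdicts[fqdn] = "third-party"
    return verdicts


def third_party_names(verdicts: Dict[str, str]) -> List[str]:
    """Names somebody else is serving under your brand: the ones worth a complaint to ICANN."""
    return sorted(name for name, verdict in verdicts.items() if verdict == "third-party")


if __name__ == "__main__":
    # Constructed sample data standing in for a real brand list and a real resolver.
    sample_brands = ["Example Corp", "Acme", "Widget Co"]
    fake_dns = {"examplecorp.feedback": "203.0.113.10", "acme.feedback": "198.51.100.7"}
    owned = {"198.51.100.7"}  # assume Acme registered its own .feedback name

    found = check_feedback_domains(sample_brands, resolve=lambda name: fake_dns.get(name))
    verdicts = classify(found, owned)
    for name, verdict in sorted(verdicts.items()):
        print(f"{name:28s} {verdict:12s} {found[name] or '-'}")
    print("report these:", third_party_names(verdicts))
```

Run against a real brand list, drop the `resolve=` argument so the system resolver is used, and feed `third_party_names()` into whatever ticketing or complaint process you use; a name that comes back `third-party` is exactly the situation the article describes, and the company can then decide whether to complain to ICANN rather than pay the operator.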

But in the event they do discover the .feedback domains, that doesn’t mean the companies don’t have a say in the matter. Tom Limoncelli of Everything Sysadmin clarifies that point:

“If they do discover it, they are given a choice: Pay $20/month to receive the feedback, or pay $600/year to take the web site down. Of course, there is a free option: Just let the site remain and suffer as people send their feedback and feel ignored.”

Assuming every company pays, the scammers would walk away with $3 million. That’s not bad considering it probably cost them at most $60,000 to register the domains at $10-$12 apiece.

But let me be clear: none of the companies should pay to have the sites taken down. Instead they should file separate complaints with the Internet Corporation for Assigned Names and Numbers (ICANN). If it receives a sufficient number of reports indicating abuse, ICANN might respond by disabling .feedback as a TLD.

That would probably be for the best.

Affected companies should also look to control the narrative by creating their own feedback channels hosted on their websites. Such a move wouldn’t prevent some users from looking up their misused .feedback domains. But it would communicate the companies’ willingness to receive and respond to users’ feedback.

Over time, these channels could ultimately overshadow the .feedback sites even if ICANN decides not to disable the TLD.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

2 comments on “Feedback scammers attempting to extort millions from 5,000 major companies”

  1. Pagjsp

    Graham – Would you advise companies to pre-register their "MyCompany.Feedback" domain name as a defensive measure? Or, should we wait and see what ICANN decides to do?

  2. furriephillips

    I wouldn't bank on ICANN actually doing anything. They've had their cut…

    Though this looks more promising than they have been in a long time http://www.circleid.com/posts/icann_spam_offenders_knujon_report/
