Scammers are leveraging the promise of customer feedback as part of a scheme to extort US $3 million from 5,000 major companies.
This newest ruse boils down to ICANN’s decision to create the .feedback
top-level domain (TLD). Sure, companies can use the TLD to set up a website where they can invite users to comment on the services they provide. But that’s assuming they’re the first to register a .feedback
domain for their brand.
To illustrate, take a look at the following image:
The above graphic is a screenshot of google.feedback
. While the domain bears Google’s name, the Mountain View-based tech giant had nothing to do with setting up the website. It’s the work solely of scammers.
These individuals have registered .feedback
domains for 5,000 major companies. Visitors to those websites can submit feedback that the victim companies can’t automatically view. Indeed, many businesses probably don’t know the sites even exist.
But in the event they do discover the .feedback
domains, that doesn’t mean the companies don’t have a say in the matter. Tom Limoncelli of Everything Sysadmin clarifies that point:
“If they do discover it, they are given a choice: Pay $20/month to receive the feedback, or pay $600/year to take the web site down. Of course, there is a free option: Just let the site remain and suffer as people send their feedback and feel ignored.”
Assuming every company pays, the scammers would walk away with $3 million. That’s not bad considering it probably cost them at most $60,000 to register the domains at $10-$12 a piece.
But let me be clear: none of the companies should pay to have the sites taken down. Instead they should file separate complaints with the Internet Corporation for Assigned Names and Numbers (ICANN). If it receives a sufficient number of reports indicating abuse, ICANN might respond by disabling .feedback
as a TLD.
That would probably be for the best.
Affected companies should also look to control the narrative by creating their own feedback channels hosted on their websites. Such a move wouldn’t prevent some users from looking up their misused .feedback
domains. But it would communicate the companies’ willingness to receive and respond to users’ feedback.
Over time, these channels could ultimately overshadow the .feedback
sites even if ICANN decides not to disable the TLD.
Graham – Would you advise companies to pre-register their "MyCompany.Feedback" domain name as a defensive measure? Or, should we wait and see what ICANN decides to do?
I wouldn't bank on ICANN actually doing anything, They've had their cut…
Though this looks more promising than they have been in a long time http://www.circleid.com/posts/icann_spam_offenders_knujon_report/