I have received like many today people a dodgy SMS message to a phishing website. One pretending to be from Royal Mail another from HSBC Bank. I think with training many are now beginning to spot them. However I am sure many are still been fooled by them. So I try to an active role in reporting them to the company that hosts the website.

The last one was https://www.namecheap.com. It was using hs-onlinepayeebanking-support.com. Using a WhoIs service it is easy to trace to the company that owns them and to the abuse@namecheap.com. However I thought I would contact the help desk to see if they were active on this. I was surprised to see how little they wanted to help. They asked me to raise a Support Ticket! Interesting that I bothered to take the time to report it to them. You would have thought that they would have a simple internal web form to fill in with the details and copied them over. It seems a little strange that they expect the Good Samaritan to actually do work even harder to report someone using their servers to spam people.

Abuse@ahostingcompany.com

Of course everyone knows that the best way to send the information to them painlessly is via the abuse@ email address. However when I complained about the Royal Mail nothing was done for at least a day. I again approached the Help Desk. Eventually I believe I harassed them enough to actually report it themselves and the website was taken down a day later. Is two days an acceptable response time? I really don’t think it is. Every hour that the system is up, is another hour people are being ripped off. So for a person doing phishing two days is a fanstastic source of income.

One top tip is that hs-onlinepayeebanking-support.com was actually picked up by Gmail. So when I sent it in I got a strange error message saying that it was blocked. At first glance I thought that the abuse@ahostingcompany.com had gone down. However it was Gmail spotting the dodgy web address and was doing its bit to protect internet citizens. So to report the company I had to send it with “.com” detacted or slightly obfuscated. I do believe Google could help a little by not blocking emails to abuse@ boxes as an exception so that those trying to the right thing are not blocked!

However well done to Google for doing something. But this was interesting, to me. Why is it that an external company like Google spotted the problem before the hosting company and was quicker to act?

Why when I called the Helpdesk rather than actually taking action (10 seconds to cut and paste my dodgy website address to an internal form), then explaining I need to create a support ticket etc…..

Conclusion

Simply to me we need hosting companies to take this seriously. If I report something either by Help Desk or Abuse email box this should be done extremely quickly. If spammers and phishing crooks know that within 10 minutes of it being reported its shutdown, they will eventually run out of server companies to hide in.

Will hosting companies invest in protecting internet citizens, often loosing life savings, by simply taking Abuse more seriously?

Name Cheap

I will try and contact namecheap.com to see if they are interested.

It has now been a few days. It seems that namecheap.com are not really bother about it, and have made no attempt to communicate back. Despite it reaching a national newspaper in the UK. https://www.express.co.uk/finance/personalfinance/1330327/HSBC-warning-scam-phishing-fraud-banking-text-message-report. I am hoping perhaps they don’t want to address it publically but behind the scenes have made a change or two. We shall soon see. They were the company that was hosting a recent Hermes scam. I am sure it won’t be long before the next dodgy SMS message. I will attempt to report it by the same means and see if they are now “bothered” about it.