Update spoof invoices

Published on: Friday 18 July 2014

We recently reported that two firms – NL Domein Host and Domeinhost Nederland – were sending out ‘spoof invoices’. We are advising anyone who receives a spoof invoice not to pay it. However, we have been unable to establish that the two firms are doing anything unlawful, which would allow us to intervene directly.

What SIDN has done so far

We believe that the practices of NL Domein Host and Domeinhost Nederland are undesirable and that they detract from the trustworthiness of the .nl domain and our registrars. Over the last few days, we have therefore taken action to minimise the undesirable effects of the two firms’ activities. The steps we have taken are as follows:

Registrar approached

The firms’ domain name and website are registered and hosted by a .nl registrar. We have approached the registrar in question and asked for action to be taken against NL Domein Host and Domeinhost Nederland as a matter of urgency.

Website user approached

We have additionally written to the user of the website, highlighting the matter of the spoof invoices and asking that appropriate action is taken.

Advertising Fraud Support Centre contacted

We have been in touch with the Advertising Fraud Support Centre to exchange information and experience.

Registration and legality checked

We have established that the domain name used by the two firms was correctly registered. The content of the website has been examined and appears to be legal. We nevertheless regard the covering e-mail and spoof invoice associated with the website as undesirable.

What can you do?

Don’t pay the invoice

We advise anyone who receives an invoice from NL Domein Host and/or Domeinhost Nederland not to pay it.

Report the matter

We suggest that you report any spoof invoice you receive to one of the following organisations:

  • The Advertising Fraud Support Centre (fraudemeldpunt.nl)
  • The registrar that acts for NL Domein Host and Domeinhost Nederland

Pooling evidence about multiple cases makes it easier to tackle the abuse.

Comments

  • Sunday 8 April 2018 Knowledge bank

    Root zone rollover has implications for DNSSEC operators

    19 January 2017 In autumn 2017, ICANN initiated the rollover of the (KSK) pair for the root zone. The rollover involves renewing (i.e. replacing) the root zone's cryptographic key pair, which underpins the entire DNSSEC infrastructure. Renewing the key pair entails significant risk. Although it is very unlikely that anything will go wrong, an error could potentially render all internet domains (including non-signed domains) unreachable for all users and applications that rely on validating resolvers. The situation is similar at the local level. Validating resolver operators need to first add the new (public) key to the trust anchors on their servers, and subsequently remove the old key from their systems. If an operator fails to act, it won't be possible to validate any digital signatures beneath the top-level domains (TLDs) in the root zone. Then all internet domains will become unreachable for everyone relying on the resolver in question. RFC 5011 sets out a protocol for automatically installing the new (public) key as a trust anchor. The developers of the most widely used validating resolvers — BIND named, Unbound and OpenDNSSEC — all say that their software supports the protocol. The very dated Infoblox appliances don't support RFC 5011, meaning that Infoblox users face a fresh set of problems.

    Afbeelding van Root zone rollover has implications for DNSSEC operators
    Read more
  • Monday 25 September 2017 Internet security

    Meet SIDN at Holland Strikes Back

    The Dutch knowledge event about cybersecurity

    Afbeelding van Meet SIDN at Holland Strikes Back
    Read more
  • Wednesday 30 January 2019 About SIDN

    Outdated IPv4-based internet unsuitable for peer-to-peer applications

    NAT spoils gaming experience

    Afbeelding van Outdated IPv4-based internet unsuitable for peer-to-peer applications
    Read more