Every day we see businesses allow previously used domain names to expire and drop. There are many risks in allowing business domain names to expire.
Businesses allow domain names to expire for a number of reasons, including because they forget, or because a domain name is no longer required due to business failure or merger. Once a domain name expires, it goes into a pending delete status before being purged and becoming available to be registered.
It is important to make it clear that the business domain names we are referring to are domains that were used as a primary business domain, rather than for an idea or ancillary product.
How expired domain names can be used for fraud
Once a domain name expires, it can be registered by anyone else. Over the past 2 years in Australia we have seen a common issue where foreigners usually based out of China or Eastern Europe. While auDA took decisive action in deleting over 1000 domain names that were used in fraud, these kinds of issues can still exist and cannot always be detected. These domains were UBUs, which is basically a situation where a fraudster uses another entity’s ABN or ACN for the purpose of registering a .au domain name.
Domain names were registered, often using the former owner’s ABN or ACN. The fraudsters would then reinstate the original website, for instance an ecommerce store, from public web archives. They would then pretend to sell products to the public (including former customers), except they would collect the money and fail to deliver, ripping off consumers.
The issue is not limited to domain names previously used in ecommerce; it also affects other domain names used by businesses. By way of example, a domain name formerly owned by a law firm which dissolved could be used with a catch-all email address to capture confidential emails and sensitive client information intended for the law firm. The same example could equally apply to accounting and other professional services businesses.
That's not all: even the local plumber who let his domain name expire could see a competitor pick up the domain and divert users to their website.
While not always possible, due to partnership breakup or insolvency, a simple way to reduce risk is to renew domain names for at least 3 to 5 years after a business closes down or merges. Renewal of the domain name will reduce the risk of use by fraudsters. Now that 1 to 5 year registration terms are available for .au domains, a domain can be renewed for a 3 to 5 year term, which may be enough to mitigate the risk.
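The renewal guidance above can be checked across a domain portfolio, including retired domains. The following is an added example, not part of the original article: it assumes registration data is available as RDAP-style JSON (RFC 9083 field names), and the domains, dates, 90-day warning window and helper names are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

HOLD_YEARS = 3  # lower bound of the 3 to 5 year hold suggested above
WARN_DAYS = 90  # assumed warning window for domains still in use

def parse_ts(value):
    """Parse an ISO 8601 timestamp or date as timezone-aware UTC."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def add_years(dt, years):
    try:
        return dt.replace(year=dt.year + years)
    except ValueError:  # 29 Feb mapped into a non-leap year
        return dt.replace(year=dt.year + years, day=28)

def assess(record, retired_on, now):
    """Classify one RDAP-style domain record against the renewal guidance."""
    if "pending delete" in record.get("status", []):
        return "PENDING_DELETE"  # about to be purged and open to anyone
    expiry = next((parse_ts(e["eventDate"]) for e in record.get("events", [])
                   if e.get("eventAction") == "expiration"), None)
    if expiry is None:
        return "UNKNOWN"
    if expiry <= now:
        return "EXPIRED"
    if retired_on:  # business closed or merged: registration must cover the hold
        hold_until = add_years(parse_ts(retired_on), HOLD_YEARS)
        return "RENEW" if expiry < hold_until else "OK"
    return "RENEW" if expiry - now < timedelta(days=WARN_DAYS) else "OK"

def rec(name, status, expires):
    """Build a constructed RDAP-style record (hypothetical helper)."""
    return {"ldhName": name, "status": [status],
            "events": [{"eventAction": "expiration", "eventDate": expires}]}

# Constructed sample data: (record, date the business stopped using the domain).
NOW = parse_ts("2025-01-15T00:00:00Z")
PORTFOLIO = [
    (rec("shop.example", "active", "2025-02-20T00:00:00Z"), None),
    (rec("oldfirm.example", "active", "2025-11-01T00:00:00Z"), "2024-06-30"),
    (rec("merged.example", "active", "2028-01-10T00:00:00Z"), "2024-06-30"),
    (rec("lapsed.example", "pending delete", "2024-12-01T00:00:00Z"), "2023-01-31"),
]

def audit(portfolio=PORTFOLIO, now=NOW):
    return {r["ldhName"]: assess(r, retired, now) for r, retired in portfolio}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:18} {verdict}")
```

A retired domain is reported as RENEW whenever its current registration ends before the hold period does, even if expiry is still months away.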