EN
Modern internet technology has made it incredibly easy for anyone to create a new website and sell products or services online. While this is certainly a boon for professionals, artists and businesses, it has also proven to be a blessing for cybercriminals who desire to cast their nets far and wide. In a report published in 2021, ScamAdviser highlighted that 3% of the 7,000,000 domains analyzed were very likely to be scams.
To create a fully-functioning website, one must utilize the infrastructure provided by various companies. For example, to set up and run a successful online shopping store, the following are required:
There are hundreds of companies providing these services and a website owner may utilize the service of any of the companies. In the case of ad platforms, however, Meta (Facebook/Instagram) and Google are dominant players. Other parties such as banks and courier companies are also involved but they have a smaller part to play in the scam ecosystem.
As there are multiple parties involved in supporting a scam website to continue operating, it would seem that approaching even one of the service providers with a complaint should be enough to have a scam website taken down. For example,
In reality, it turns out to not be so easy…
It is not necessarily a lack of power to suspend the operations of scam websites that makes them seemingly impossible to take down; there seems to be an unwillingness by the internet companies too.
The internet is self-regulated and the responsibility of taking action against scams falls on the shoulders of internet companies themselves. Further, companies often have ‘reactive’ policies instead of ‘proactive’ ones, meaning that they are willing to take action only after obtaining satisfactory evidence that a scam has occurred, even if a brand new website shows obvious indications of being a scam. Why is this so?
Self-regulation is a tricky situation due to the often overlooked fact that scammers are paying customers of internet companies. Scammers pay monthly or annual fees and often create websites in bulk. They also spend enormous amounts of money on advertising their scams.
Domain registrars, hosting providers, payment providers and even ecommerce store-building platforms like Shopify are making a fair share of money from scammers and happily continue to do so. Proactively fighting scams would be a resource drain and also negatively impact their profits. Therefore, there is no financial incentive for companies to fight scammers.
Most victims of online scams are just average people looking for products and services online. They do not possess the savvy to know that scammers are taking the help of tech companies. At ScamAdviser, we often see customers blaming Facebook for scamming them by allowing fake ads to run, or they may blame PayPal for allowing the scammers to steal money. The truth is that there are several lesser-known parties involved in making scams possible.
In our Bad Boys of the Internet 2021 report, we published the names of the companies whose services are most used by scammers. These include internet giants such as NameCheap, GoDaddy, CloudFlare, Amazon Web Services, Alibaba Cloud Computing and many more. The average internet user is likely to have never heard about these companies.
As a result, the companies supporting scammers do not risk their brand names being damaged as few in the general public are aware that these companies are associated with scams.
Scammers use automated scripts to create hundreds of websites daily to replace the ones being taken down. Unfortunately, scam websites cannot be reported with the same ease as they tediously have to be reported one website at a time. The companies also put the burden of proof on victims, asking for documentation such as proof of purchase and even court orders just to take action against a single website.
Below are real responses from NameCheap and GoDaddy when they were requested to take down confirmed scams. While their demands are not completely unreasonable, it is simply not possible to provide communication proof and court orders for every website.
It should also be noted that scammers are savvy and have working email IDs and virtual addresses, thus easily outsmarting NameCheap.
GoDaddy, on the other hand, bluntly responded that the victim should seek the help of law enforcement instead of asking them to take down the site.
There is inadequate action taken against scam ads too. The UK consumer rights organization Which? reported that Google had failed to remove 34% of the scam adverts reported to it and Facebook 26%.
Most victims are unaware of where and how to report a scam. Victims who try to report scams and receive disappointing responses like the above will never bother to report a website again. This results in a vicious circle, where victims do not report scams to tech companies as the process is cumbersome and ineffective, while companies say they will not take action unless a scam is reported to them.
Well-structured Know Your Customer (KYC) processes can help internet companies become much better at keeping scam sites at bay. For example, the Danish .dk registry was able to reduce the number of online stores selling fakes by 80% in one year by just asking for an ID.
Unfortunately, forcing hosting providers, registries, and registrars to have more stringent KYC processes seems a lost cause. If there are a few “bad boys” in the market, scammers will just flock to these players.
As of now, there is no simple and straightforward mechanism available for taking down scam sites quickly and at scale. We hope that consumer protection agencies, internet companies and international law enforcement can work in tandem to devise methods to make the fight against online scams more effective.
Meanwhile, it is up to consumers to be aware of scams and avoid them; “Buyer beware!”, as they say. Read the below articles to learn how you can protect yourself from online scams. Don’t forget to Check ScamAdviser Before You Buy.
