back to article UK taxman has domain typo-squatter stripped of HMRC web addresses

HM Revenue and Customs (HMRC) has insisted on having a Panama company trading as the “Whois Foundation” formally stripped of a handful of dodgy web domains, even though the firm instantly offered to hand them over when challenged. The sites, hmrc-onlines.co.uk, hmrc-tax.co.uk, hdmrc.co.uk and hmrcsubmitareturn.co.uk, were …

  1. Tigra 07 Silver badge
    Thumb Up

    bankofscorland.co.uk > BankOrfScortland.co.uk

    A novel idea to incorporate accents into web addresses.

    Once had someone write a cheque out to me for "one handered pounds", which is exactly what his accent sounded like.

    1. Loud Speaker

      Fork Handles to you sir!

      1. Kane Silver badge
        Joke

        "Fork Handles to you sir!"

        Bill hooks!

        1. davidp231
  2. Anonymous Coward
    Anonymous Coward

    Coincidentally I've just had this for our company today (a digit 1 substituted for an l) for use in phishing emails. We have other measures in place anyway so it didn't work.

    The registrar concerned has immediately suspended the domain without requiring any great effort or input.

  3. Anonymous Coward
    Anonymous Coward

    Turning down the transfer offer

    The formal route makes sense. Everything is more open and could be used to show that it was done "by the book" insofar as that is possible.

    Also exposes the firm to further outside scrutiny and (unwelcome) publicity. Their MO may be to typo-squat and milk any benefits that accrue then if challenged give up domain without any fight to avoid exposure.

    And the alternative of accepting the transfer without using the process could lay HMRC open to public though unwarranted claims of strong-arming the firm into giving up the domain names.

    1. veti Silver badge

      Re: Turning down the transfer offer

      What exactly is the point of typo-squatting, if you're going to give up the domain without any fight the moment you're asked anyway?

      "Benefits that may accrue" - sure, but there's no suggestion anyone was using the domains to, e.g., phish or grab information improperly. I feel sure HMRC's press department would have mentioned it if they were.

      1. razorfishsl

        Re: Turning down the transfer offer

        Becasue they don't want a legal ruling against them, but you can bet if it was not the government going after them they would have a different attitude.

        By doing it this wat the UK government gets a legal ruling which can become the basis for future cases.

        1. Adam 52 Silver badge

          Re: Turning down the transfer offer

          "By doing it this wat the UK government gets a legal ruling which can become the basis for future cases."

          Except that dispute resolution is not a legal ruling.

      2. Anonymous Coward
        Anonymous Coward

        Re: Turning down the transfer offer

        What exactly is the point of typo-squatting, if you're going to give up the domain without any fight the moment you're asked anyway? because they knowlingly created the domain name close to an offical organisation in the hope of selling the name to someone who wanted it for impersonation.

        On the one hahd they registering it thus prevented tany imposters from doing their scam on the cheap but if the have passed on any registrations that later were used in scams I would class them as an accessory

      3. katrinab Silver badge

        Re: Turning down the transfer offer

        "What exactly is the point of typo-squatting"

        We are approaching tax return season, where lots of people will be filing tax returns, and paying the corresponding tax. They hope to divert some of that tax from HMRC.

      4. Anonymous Coward
        Anonymous Coward

        Re: Turning down the transfer offer

        "What exactly is the point of typo-squatting, if you're going to give up the domain without any fight the moment you're asked anyway?"

        I've just had a bill from a company trying it on with excessive charges.

        From previous experience, they'll say "Oops sorry, we'll drop those charges".

        I'd much rather take it to court and bring their dodgy dealings to the attention of the authorities.

  4. adam payne Silver badge

    I can only assume they wanted it done by the book and that is way they went DRS way.

  5. Zippy's Sausage Factory

    Kudos to HMRC on this one

    First of all, for going through the proper channels.

    And second, and perhaps more importantly, for not allowing the typo-squatters to hide under their rocks and shining a light on them.

  6. Anonymous Coward
    Anonymous Coward

    These would be easy to spot as they would be working websites.

  7. Stuart 22

    Press here to get your VAT refund

    I wonder if the blighters reclaimed the the domain fee vat as a non-uk trading company albeit trading on uk names?

    This squatting is getting rather more dangerous these days as many phone/tablet browsers effectively hide the address bar after typing so you can't spot your typos or the certificate but may get a page that looks familiar and reassuring with a nice fat button bigger than even the Orange One's.

  8. Warren Sealey

    Typo squatting for selling the domain is one thing

    Now if they had MX records with an email server hovering up any misspelt email addresses... that's another thing altogether..

    1. Rich 2

      Re: Typo squatting for selling the domain is one thing

      ...well not really - you have to ask WHO might they sell the domain to? And for what purpose?

      It sounds like all the domains held by this outfit ought to be examined and removed from their control - what possible legitimate reason could they have for wanting to hang on to them?

      1. Roland6 Silver badge

        Re: Typo squatting for selling the domain is one thing

        It sounds like all the domains held by this outfit ought to be examined and removed from their control - what possible legitimate reason could they have for wanting to hang on to them?

        I think that is another reason HMRC insisted on using the fully public approach. By doing everything in public they encourage both user organisations to look up the Whois Foundation and domain registrars to do some research - since they can see the real details behind the "private" registrations. What is not being said and thus needs others to look at, is whether the 53,954 .uk domains represents the entire extent of the domain names held, or whether there are tens of thousands of domains in other local domains, including .com.

        Also by winning their case, they have made it significantly easier for other domain owners suffering from typo-squatting to use DRS to take control of such domains.

        Interestingly, HMRC also puts ICANN on the spot, as can it really continue to permit the Whois Foundation to continue portraying themselves as being associated with the ICANN Whois service.

  9. Pen-y-gors Silver badge

    Trademark letters?

    [hdmrc.co.uk] ... referring to the registered trademark of “HMRC” incorporated in the domain name

    So latters can be trademarked IN a name?

    So I can't register

    HoMoeReCtus.org.uk ?

    1. This post has been deleted by its author

    2. robidy

      Re: Trademark letters?

      Err, not sure the latter would be confusing for people spotting a squatting attempt.

      1. Pen-y-gors Silver badge

        Re: Trademark letters?

        How close does it have to be to count as typo-squatting

        hdmrc

        hdmrtc

        hjnmrfcv

        hmrrc

        hmmmmrc

        A clear legal definition would be very tricky. Simply saying 'it includes the letters of our trademark' is a very very wide net!

        BaBCocks.co.uk - nope, contains BBC

        1. Kane Silver badge
          Joke

          Re: Trademark letters?

          "BaBCocks.co.uk - nope, contains BBC"

          Big Black Cocks?

        2. BrownishMonstr

          Re: Trademark letters?

          I think the URL registered with the word "Return" in it kind of gave their intentions away. You aren't interested in typo-squatting and getting away with it are you?

  10. Roland6 Silver badge

    LoL!

    "The four sites were stripped from the Whois Foundation and transferred to HMRC by order of the DRS."

    Anyone what to buy a domain?!

    http://whois.domaintools.com/hmrc-onlines.co.uk - Domain is available at $10.99

    http://whois.domaintools.com/hmrc-tax.co.uk - Whilst this claims the name is for sale, the name is not available for registration; however, hmrctaxes.co.uk and 83 other variations are, starting from $10.99...

    http://whois.domaintools.com/hmrcsubmitareturn.co.uk - Still registered to Whois Foundation, but can be yours for $799.

    http://whois.domaintools.com/hdmrc.co.uk - Still registered to Whois Foundation, but can be yours for $799.

    It does seem we haven't heard the last of typo-squatting, I suspect HMRC, having got a favourable DRS ruling, will now begin leaning on ICANN to make it easier to protect the 'unique' subdomain elements; potentially, making it harder to register hmrc-tax.com.ru.

    1. Alan Hope

      Re: LoL!

      Yep, the domains are still available to buy.

      1. Anonymous Coward
        Anonymous Coward

        Re: LoL!

        "still available to buy" .... this probably just means "isn't registered by anyone at the moment so if you want it we'll register it"

    2. M Mouse

      Re: LoL!

      piqued by the first 'whois' reference I wondered who registered hmrc-online.co.uk (ie correct spelling) and was a bit surprised to find it is demys.com which is an Edinburgh based Intellectual Property firm. Made me wonder how costly is the contract with them for "monitoring" such matters. I wonder if someone has the enthusiasm for an FoI enquiry ?

      Made me wonder why the GOV.UK staff aren't doing this, along with fixing wrong phone numbers found via Google Maps (and others) where scumbags have used 084x and 087x numbers to give themselves some income at the expense of the public wanting to contact HMRC... (and no doubt other departments like DWP, DVLA, etc). A solicitor on behalf of HMRC confirmed they were going to sort out the numbers used for HMRC offices (as found on Google maps, Bing, and so on) but that I would need to contact other departments. Talk about un-joined up government when it's so clear one body within needs to look into all such scams, but they cannot get away from walling themselves off from others within Govt.

  11. Nick Kew Silver badge

    You forgot to tell us

    What were the typosquatters actually doing with the domains?

    Low-grade ads and link farming would be basically harmless: would Nominet necessarily rule for HMRC? Obviously certain other plausible scenarios could be a lot more problematic, and a no-brainer for Nominet.

  12. JosephEngels

    Under the Nominet DRS procedures ... a persistent abusive registrant counts as a strike agaisnt, even before the matter goes before an expert. I think it was 3 counts in 5 years was the level at which it becomes a problem. If they think they will lose, they usually give up the name, because if it is found to be an abusive registration, it will hurt their argument in marginal cases. In effect it serves as a "presumption of guilt" so they usually try to avoid it, good on HMRC for sticking with it.

  13. Adrian 4 Silver badge

    A judgement that declared the domains to be intentionally misleading ought to result in the loss of all other domains too.

    1. Anonymous Coward
      Anonymous Coward

      What, no mention of sakes through the heart?

  14. Joseph Slabaugh

    whois foundation.

    The name Whois Foundation suggests it is just a service that all registrars offer as a free. The service does not own the domain names, that's silly. It is just a mask of who actually owns it.

  15. ukgnome Silver badge

    As AC stated - the difference is these squatter sites work. It's funny because it's true.

    Maybe HMRC / government should advise that if it isn't .gov.uk then it isn't them.

    1. katrinab Silver badge

      "Maybe HMRC / government should advise that if it isn't .gov.uk then it isn't them."

      nhs.uk, police.uk and mod.uk are also government sites.

      parliament.uk also existed as a special case long before nominet offered similar names to holders of .co.uk domains.

      1. J.G.Harston Silver badge

        "nhs.uk, police.uk and mod.uk are also government sites."

        No they're not. nhs.uk is the NHS, police.uk are the police, and mod.uk are the MOD. And Parliament made a very strong case that Parliament is ***NOT*** government, so shouldn't have a gov domain. Legally and constitutionally, Government is a committee of Parliament, Parliament is not a subset of Government.

        1. MJB7 Bronze badge

          MoD is part of government

          NHS and Police are not part of government ... but the Ministry of Defence is. It really ought to be mod.gov.uk.

  16. Andy Livingstone

    Nominet

    Seems simple enough?

    Nominet is the relevant authority for ,uk registrations.

    Nominet permitted ov4er 50,000 improper registrations.

    Why keep Nominet?

    1. sitta_europea

      Re: Nominet

      Date: Fri, 7 Apr 2017 15:33:48 +0000

      From: Abuse-Nominet <abuse@nominet.org.uk>

      To: <ME>

      Subject: Re: Criminal activity.

      Received-SPF: pass (Mechanism 'mx' matched) mail6: (nominet.org.uk: 213.248.242.48 is authorized to use 'abuse@nominet.org.uk' in 'mfrom' identity (mechanism 'mx' matched))

      Received-SPF: None (protection.outlook.com: nominet.org.uk does not designate permitted sender hosts) [I left that in just to show that Microsoft is stupid]

      ... As my colleague James advised in his response to your last email, Nominet isn’t in a position to suspend or block domains for illegal use unless we receive a request from a law enforcement agency. We haven’t yet received notification from an LEA about the amzon.co.uk but will act upon it if we do. ...

      Paul Wray

      Customer Resolution Team

  17. J.G.Harston Silver badge

    "Whois allows people to find out who or what has registered a particular .com web address."

    No it doesn't it allows you to find out who has registered ****ANY**** internet address.

    And what bloogy stupid morons thinks the HMRC is a company?

    1. Andy Livingstone

      Who?

      Anybody in the world who is not involved with Her Majesty's Revenue & Customs, surely. Just as some people don't know that BBC is a broadcasting company and think it might be rude.

  18. Richard Cranium

    I have a question. Nominet states: "If you are an organisation or a business you will not be able to opt out of showing your address in the WHOIS". However some registrars (e.g. 123reg) offer "domain privacy" for around £5 a year meaning we can't find the owner using whois. Surely this breaches Nominet's requirement and makes identifying abusive typosquatters, as in this story, impossible - unless the domain privacy can be circumvented in which case what are you getting for your £5?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019