Phishing

What is phishing?

Phishing is the forging of websites or e-mails of banking institutions, auction houses or sales platforms in order to obtain the secret access data (such as PINs or TANs) of Internet users. This data is then used with fraudulent intent to cause financial damage to the victims. Phishing is liable to prosecution.

In practice, phishing websites often use URLs like http://bankname.this.is.an.example.at. These URLs are usually sent via e-mails that specify a false sender.

What is the role of nic.at?

nic.at is the registry for .at domains. The contractual relationship between the domain holder and nic.at refers to the .at domain and does not include any other services that could be used with a domain in a technical way (e.g. e-mail, URLs, etc.).

nic.at does not provide web space or name services and, thus, has no influence on website contents. Furthermore, nic.at is not responsible for e-mails or URLs. These services are usually offered by the ISP.

Who are the possibly relevant protagonists with regard to phishing?

The holder of the relevant domain, the ISP, the registrar and the tech-c should be mentioned here.

The domain holder holds the exclusive usage rights to the domain, which makes him responsible for any services in connection with the domain.

An Internet service provider offers services (e.g. website, e-mail etc.) that can be used in connection with the domain. However, an ISP is not necessary as long as the technical requirements (e.g. nameservers) are available for these services.

The registrar is nic.at’s billing contact for a domain. In addition, the registrar often has the function of an ISP, although this need not be the case.

The tech-c is specified in the nic.at database as the person responsible for technical issues regarding a domain (e.g. website). He is also listed in the domain’s Whois entry.

What can you as an Internet user do against phishing?

By no means disclose your banking data (e.g. account number, PINs, TANs)! Your bank would never contact you by e-mail asking you to specify your personal banking data online.

If you suspect an act of phishing, you can always inform the executive and also your banking institution if the data has been requested in its name.

Should your own website be misused for phishing purposes, contact your ISP immediately in order to have the phishing website and possible security holes removed.

What can you do as an affected service provider in case of phishing?

If you suspect an act of phishing, you can always inform the executive.

In addition, you can try to contact the domain holder, who is specified in the Whois database. If this data is not correct, nic.at is entitled to withdraw the domain, provided that we receive evidence that the domain holder data specified in the Whois database is incorrect. This can be proven e.g. by sending a certified mail to the address specified in the Whois database, which is then returned undeliverable. By forwarding this letter to nic.at, it is possible for nic.at to intervene and cancel the contractual relationship.

Furthermore, we recommend contacting the website’s ISP. However, there is often the problem (also for nic.at) of finding out who the actual ISP is. For obvious reasons, phishers are anxious to hide their identities.

Should your own website or a subsite be misused for phishing purposes, contact your ISP immediately in order to have the phishing website and possible security holes removed.

What can nic.at do against phishing?

nic.at itself offers no services that are relevant for phishing. From a technical point of view, a domain would not even be required, as the fraudulent website could also be directly accessed via an IP address.

nic.at’s role is therefore limited to providing information. Moreover, we have the possibility to disclose further available domain data if there is a legitimate reason. We can also withdraw domains if we are informed (by sending a copy of an undeliverable certified letter) that the domain holder data specified in the Whois database is not correct.

It is of particular importance that nic.at is in no case authorised to take the position of the executive or court.

In case of strong suspicion of phishing, nic.at will also try to contact the domain holder. However, due to the internationality of domain holders, this process may take some time.

Why does nic.at not simply deactivate the domain?

There can be several reasons:

  • The contractual relationship between the domain holder and nic.at solely refers to the domain itself. It does not include any further services that might be used for phishing purposes (e.g. e-mail, URLs, website content, etc.).
  • The domain name itself does not violate a right.
  • The attempt to defraud arises solely from the content of the website and is in no way connected with the domain.
  • Phishing URLs normally don’t use the domain in their first or second level; rather, they consist of links including 5, 6 or 7 sub-levels, which are no longer within the contractual responsibility of nic.at.
  • nic.at is neither a court of law nor an authority that is in a position to judge whether a website is used for illegal activities or for the infringement of rights of third parties. It is also important to rule out any kind of censorship.
  • Experience has shown that websites can be hacked in order to misuse subsites for illegal activities. Therefore, nic.at would have to judge the facts of the case, which is not within its field of responsibility.
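
The URL shape described under "What is phishing?" and in the list above (a brand name placed in a deep sub-level of an unrelated registered domain) can be checked mechanically. The following is an added example, not code from nic.at: the function name assess, the KNOWN_BRANDS allow-list (constructed) and the AT_ZONES list of second-level .at zones are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Second-level zones under .at treated as registration suffixes (assumed list).
AT_ZONES = {"co.at", "or.at", "gv.at", "ac.at"}
# Constructed allow-list: brand token -> registered domains the brand really uses.
KNOWN_BRANDS = {"bankname": {"bankname.at"}}


def assess(url):
    """Classify a URL by where a known brand name sits in its hostname."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return {"verdict": "unparseable"}
    try:
        ipaddress.ip_address(host)
        # No domain involved at all: the site is addressed directly by IP.
        return {"host": host, "verdict": "ip-literal"}
    except ValueError:
        pass
    labels = host.split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in AT_ZONES else 1
    if len(labels) <= suffix_len or not all(labels):
        return {"host": host, "verdict": "unparseable"}
    # The registered domain is the suffix plus exactly one label to its left.
    # Everything further left is set by whoever runs the name servers.
    registered = ".".join(labels[-(suffix_len + 1):])
    sub = labels[: -(suffix_len + 1)]
    spoofed = sorted(
        brand for brand, legit in KNOWN_BRANDS.items()
        if registered not in legit and any(brand in label for label in sub)
    )
    return {
        "host": host,
        "registered_domain": registered,
        "sub_levels": len(sub),
        "spoofed_brands": spoofed,
        # "no-match" only means this one heuristic did not fire.
        "verdict": "brand-in-subdomain" if spoofed else "no-match",
    }


if __name__ == "__main__":
    for u in ("http://bankname.this.is.an.example.at/login",
              "https://www.bankname.at/",
              "http://192.0.2.10/login"):
        print(u, "->", assess(u))
```

The registered_domain field is the name to look up in Whois when reporting; the sub-level labels never appear in the registry.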
© nic.at Internet Verwaltungs- und Betriebsgesellschaft m.b.H.