SIDN will now immediately disable fake webshops reported by the police

From the end of November, SIDN will treat fraud identifications made by the Police National Internet Fraud Desk (LMIO) as authoritative. The operator of the .nl domain will therefore immediately take down any fake webshop flagged up by the LMIO, without further investigation.

Fake webshops on the rise

The new approach will mean that fake webshops can be taken down sooner. "If, on the basis of their expertise, the police say 'This webshop is a fake and people are being scammed,' we want to accept their judgement and take appropriate action, preferably right away," explains SIDN's abuse specialist Chiel van Spaandonk. "Prompt intervention is very important, because every hour a malicious webshop remains online, it claims more victims."

The LMIO is equally pleased with the new partnership, says team leader Gijs van der Linden. "We feel that something has to be done, because the number of trading fraud reports we get about webshops is rising all the time." The figure has gone from 16,000 in 2023 to 20,000 and counting in 2024. "And it's estimated that only 1 in 5 victims actually report what's happened."

Tough action

Initially, there will be a one-year pilot project. "That'll enable us to assess how the new partnership is working," says van Spaandonk.

SIDN has had a similar arrangement with the Reporting Hotline for Internet Child Pornography for a number of years. However, this is the first time that SIDN has formally recognised an outside organisation as a 'trusted flagger'.

That formality serves an important legal function, according to SIDN's Legal and Policy Manager Maarten Simon: "It's impossible for us to fully investigate every report we receive to establish whether a website is doing anything criminal. However, the police don't have the legal authority to order us to intervene. Those two things together mean that we can't always act as quickly as we'd like or take as tough action as we'd like in the fight against fake webshops."

Making progress

Until now, if we received a Notice-and-Take-Down (NTD) request – from the LMIO or anyone else – we couldn't lawfully act against the domain in question unless the registrant had breached our terms and conditions, e.g. by providing false registration data. Our first move has therefore been to check the registration data by sending a verification request. If we don't get a satisfactory response within 3 days, Article 18 of the General Terms and Conditions for .nl Registrants allows us to disable the relevant domain name.

Explaining the rationale for the link-up with the LMIO, van Spaandonk says, "Situations sometimes arise, where a site looks very much as if it's fraudulent, but we can't establish that for certain, and the registration data is correct. In those situations, there's nothing more we can do." Such situations are very frustrating, both for SIDN and for the LMIO. "It's theoretically possible for crooks to put up a straw man," says van der Linden. "In other words, use a real person's identity to register a domain. Then they are compliant with SIDN's terms and conditions, even though what they're running is a scam. We can't have that, so this agreement with SIDN represents a big step forward."

4-eyes principle

Before starting an NTD procedure, the LMIO always investigates fraud reports thoroughly. As van der Linden explains, "Cyber-detectives begin by searching our records for other relevant information. For example, we might have intelligence on a particular address, company or individual." The LMIO also looks at the webshop itself. "How long has the webshop been active? Where is it based? Are the prices too good to be true?" Another focus of the LMIO's investigations is the registration data. "We've got a variety of applications that enable us to look for a broad sweep of pointers. For instance, we can see whether a registrant has registered lots of other domain names as well." Crucially, the '4 eyes principle' is always followed. "What that implies is that every case is reviewed by a second member of our team before we initiate NTD."

Irresistible products

At certain times of year – the run-up to Cyber Monday and Black Friday, and during December – there are peaks in the number of fake webshops coming online. So the timing of the agreement between SIDN and the LMIO is not coincidental. December always sees an upsurge in the number of shoppers falling prey to online scammers, van Spaandonk says. "Some scams are very professionally organised, maybe involving very precise copies of popular legitimate webshops. Although a scam like that requires a lot of up-front investment, the potential rewards easily make it worthwhile for the crooks." One reason for that is that fake webshops often exploit fads. "Scammers generally offer desirable consumer goods such as PlayStation 5s, iPhone 16s or Kamado barbecues at prices that are too good for people to resist." However, either the purchase never arrives, or the buyer gets a cheap fake.

Minimising the number of victims

Van Spaandonk hopes that the new LMIO-SIDN alliance will serve as an example, encouraging other bodies to form similar partnerships with SIDN. After all, there are various other investigative authorities and market regulators in the Netherlands that often make NTD requests.

"Numerous organisations are obliged to give warnings about certain webshops. Even if the webshops in question aren't committing fraud in the eyes of the law, it's often important that they are disabled as soon as possible."