Our fight against fraud and abuse: an update

In 2020, Namecheap saw a rapidly rising level of tickets reporting abuse, an 85% increase from 2019 — born out of the COVID pandemic. A huge and ongoing effort was needed to combat this new wave of fraudulent activity, and we highlighted how our fight against fraud was just getting started in June last year. 

We analyzed and improved our systems and daily workflow, and made a significant financial investment in our team and the necessary tools needed to combat the growth in abuse. 

As our fight continues into 2022, we’d like to update you on our continuing efforts and how we’re covering important battlegrounds like Twitter to give customers a better service across the wider Internet.

How we continued our fight in 2021

Once again, in 2021, we saw an increase in abuse-related tickets, this time at a lower rate — 36% over the prior year — indicating that our anti-fraud efforts have a positive effect.

Here are some of the highlights from last year:

• We processed 1.8 million reports — not just from tickets but from social media channels and third-party organizations. 

• Despite a higher volume of reports in 2021 than in 2020, we decreased the backlog of abuse tickets by 57.7%. 

• We witnessed a growing trend of cryptocurrency-related scam activities, which helped us understand new types of abuse and how to reduce them.

• Our anti-fraud budget was increased by 56% to invest in third-party tools and the development of anti-abuse tools.
• Our legal and abuse department grew by 23% in December 2021 compared with December 2020. 

• We improved the process of automatic validation and processing of received reports. 

• We stuck with our new approach of investigating and responding to the latest tickets first, rather than working from the oldest ticket, which reduces our response time and helps stop our cybercriminals from establishing themselves on our platform.  

How we handle reports of abuse from Twitter

Recently we read a tweet that commented on the way we handle abuse reports on Twitter, calling us a “leader in that area now.“

Kamila Y, our Legal and Abuse Team Leader, gave us some insight into the process:

“Our anti-abuse team monitors new tweets related to abuse 24/7, and investigates them to mitigate an attack as soon as possible, so we prevent new victims, and the time that the malicious service is online is reduced to a minimum.

Depending on the type of abuse, the service is either taken down completely or the malicious part of a website is blocked. On average, our response time to abuse reports on Twitter is 15 minutes.”

Kamila adds that Twitter is an effective way to deal with malicious services, and it’s

“…a way for us to show people that we do not tolerate abuse, and we are willing to make it harder for them to perform attacks using Namecheap services.”

This belief is echoed throughout the team. Valeriy K, Legal and Abuse Shift Leader says,

“It’s nice to see that our anti-abuse policy has grown much stronger and brought us to a new level where we can show the world that Namecheap is against abuse!”

Who we worked with

In 2021 Namecheap introduced an API system dedicated to phishing reports which helped speed up our work and improved our cooperation with the following security companies:

• Threat intelligence and attack surface management – RiskIQ

• Cyber security service – Orange Cyberdefense

•  Fraud detection platform – ThreatMark

•  Cyber security service – PhishLabs

•  Fraud and risk intelligence – Outseer

•  Cyber security service – Hispasec

We rallied together with our fellow domain registries to fight abuse more efficiently. By exchanging data, we could view large amounts of data on abuse cases and discover more patterns to assist us in our research.

How we optimized our responses

As the flow of abuse reports became heavier, we analyzed the ways we process them and tried to introduce as much optimization as possible. Our main aim was to combat abusive activity vigorously, but, at the same time, we did not want to make things harder for our loyal customers who may have fallen victim to bad actors themselves and the abusers took advantage of legitimate services via hacking activity. Therefore, we need to be sure that we are acting fast but careful.

In order to spare human resources for delicate matters, we welcomed automation in the processing of abuse reports. But we quickly understood that one of the keys to successful abuse elimination is attention to preventive methods and it was decided to turn to machine learning technologies for help. Later this year we plan to put the machine learning preventive mechanisms to action.

One of the focuses of 2021 was increased attention to social media cooperation. We acquired strong allies in the abuse combat on Twitter and their input helped to change things for the better. Kudos to @malwrhunterteam, @ecarlesi, @dubstard, @JCyberSec_ , @illegalFawn, and many others!

A spotlight on ThreatMark 

To give you an idea of our relationship with security companies, here’s a little more about ThreatMark, which aims to protect users throughout the customer journey, including threat detection, identity verification, and transaction risk analysis, to help banks fight fraud. 

To let you know more about our partnership with ThreatMark, Den K, our Legal and Abuse General Manager, had this to say:

“We spend a lot of resources to optimize the process of receiving abuse reports and taking action based on them. And it’s always a pleasure to partner with organizations like ThreatMark since we share a common goal to take down phishing as fast as we can.” 

Den continued,

“Together with ThreatMark cybersecurity specialists, we are reinforcing our anti-abuse measures and multiplying the effect of actions taken by both companies. At the end of the day, bad actors face multiple blockers when executing phishing attacks using Namecheap services, and it’s wonderful to realize that we have contributed to that a lot.”

In our fast-changing world, technology is constantly progressing, as are methods of abuse. Kamila Y, our Legal & Abuse Team Leader responsible for improving anti-phishing measures, says:

“It’s important to keep up the pace and have reliable partners. We’ve been fighting abuse along with ThreatMark for several years already, and it was a pleasure to end 2021 with the improved cooperation flow.”

Kamila recalled that in 2020,

“ThreatMark suggested optimizing the way we receive and process their abuse reports, but we were not ready for the dramatic changes yet. And we continued working hard, putting in a lot of human effort, and implementing the new approach to abuse processing. Finally, once we had the automated reporting system ready and tested, we reached out to ThreatMark as one of our longstanding and trusted sources.”

Our fight continues… 

We are constantly striving to help keep our customers safe, and our anti-abuse team is available 24/7 to address incoming tickets and carry out investigations. Our ultimate commitment is to champion a free, open, and safe Internet — cybercrime threatens our mission, so we will continue to invest our time and efforts into combatting online fraud and abuse. 

You can read more about our company story and customer commitments on our About page.