This scenario is a test. How long will it take you to guess the cyber-crime at hand? Be sure to time yourself. Ready, steady, go!
You receive an incoming complaint from a customer. They mention not receiving their discount code after filling in your online form. However, you are not offering any kind of discount. You don’t even have an online form. The complaints continue to roll in and one customer mentions your new website; it is using a replica of your domain with the addition of ‘discount’ on the end. Another customer forwards an email they have received, sent from that domain. There is convincing and well-written marketing copy with a believable call to action.
Nobody can resist a discount. It seems your customers are following the message: “Visit our new website! Complete the online form! Claim your discount!” To your dismay, you discover that the website is an exact carbon copy of yours, except it is running a promotion complete with online form. Above all, someone is collecting your customers’ personal details by using your brand name – they are impersonating you!
Can you guess what cyber-crime it is?
Yes, it is phishing. Bad actors register a domain to impersonate another business in order to steal and abuse confidential data. As with most domain name abuse, the result has a negative impact on your business. Affected customers don’t tend to be very forgiving.
As you may have noticed from previous posts on domain abuse, the essence is the targeting of your brand via a confusingly similar domain name. This is what we combat in Com Laude’s domain name brand protection team. There are many different forms of targeting, due to the boundless creativity of domain abusers. Phishing is only one within a substantial menu developed by bad actors over 25 years of the commercial Internet. However, there are very few types we at Com Laude haven’t seen.
The scenario above is a real-life example taken from our Com Laude casebook and came with severe consequences. To make matters worse, such cases can be followed by a proliferation of new domains registered in the name of an unfortunate customer who has already fallen for the scam. The bad actors use that customer’s credit card details to pay for these. Thus the disruption continues.
Com Laude’s Demys Platform, our domain name monitoring system, provides the solution. Scanning millions of domain names daily, the platform (in conjunction with its Surveillance Module) can identify typical phishing signatures and report the offending domains. In the scenario above, our domain name brand protection team terminated the domain through an acceptable use policy complaint to the web host. The domain dispute policies are also available to capture an offending domain for your own portfolio. Traffic to the phishing site will continue long after the scam is discovered, and by winning a transfer of the domain, you can recover that traffic and point it to your own site, or to an education page.
This way, you can be sure that the only person who ever offers discounts to your customers is you.
If you would like to know more about our domain name monitoring service, contact us.
Uncover more real-life scenarios in our Com Laude Casebook series here.