Managing the threat of cybercrime, including counterfeiting, traffic theft and phishing, requires a proactive approach to online brand protection, says Tim Brown, Head of Brand Protection at Com Laude. He sets out best practice guidance for brand owners.
It’s no secret that cybercriminals are becoming more skillful in their activities, but the rise in domain name infringement and email scams during the COVID-19 pandemic has caught many businesses and their customers unaware. As the ways in which we work, communicate, source information and shop have switched to online channels, including mobile phones and apps, the challenge of protecting brands and consumers online has also grown.
While different brands will face different challenges, the most common threats at present include:
What most of these have in common is the use of domain names, whether typo- or cybersquatting (traffic theft/lookalike sites/counterfeiting) or domain name/DNS hacking (phishing and spear-phishing). As such, domain name monitoring is an ideal first step to measuring the threat to your brand, customers and reputation online, and to building the enforcement strategy needed to stamp it out.
The days of choosing to do nothing and waiting for customers to complain are long gone. Today, brand owners need to be much more proactive in their approach. However, with budgets under pressure and the number of online attacks only likely to increase, choosing where and how to act is key. In order to decide that, you first need to measure up the threat to your business, and its brands and consumers.
Domain name monitoring identifies potentially infringing domain names by spotlighting every domain name in every jurisdiction that includes your brand or business name, plus common typos and homoglyphs (see below). For most brands, this can result in hundreds or even thousands of matches, so the next step is to filter those results in terms of risk and criminality.
But simply providing brand owners with a list of potentially problematic domain names is of little value, in my view. Such monitoring services effectively place the burden onto internal teams to analyse the results, and – depending on resources and availability – can not only slow down their ability to react, but also makes the process much more burdensome than it needs to be.
It’s the context that adds the real value to the results. That’s why Com Laude’s domain name monitoring service is designed to provide clients with the insight needed to inform rapid decisions. This includes automatically filtering registrations by threat level, from high risk of criminality (malware/phishing) to traffic theft/reputational damage (PPC/lookalike sites) and ‘benign’ registrations that only need to be monitored, at least for now.
The internet is a dynamic space, which means your watching service should be too. Com Laude’s service re-assesses unauthorised domains regularly, so if a domain that has been dormant suddenly becomes active or a new registration is identified, it shoots up the list, enabling clients to review and assess the threats as the landscape changes.
This allows our clients to monitor the entire infringing landscape more effectively, ignoring lower risk domains, and allowing them to focus time and budget on the domain names that pose the greatest risk.
Unfortunately, cyber attacks are incredibly lucrative for criminals, and this means that cybercrime is becoming a lot nastier and more damaging. In the early days of cybersquatting, we would see a lot of ‘harmless registrations’, where domains had been snapped up by opportunists, rather than criminals as such. These days there is a whole criminal industry around domain name and traffic theft, including malware and ransomware, and even in the publication of misleading information or sale of fake PPE as we saw during COVID-19.
The cost of domain name registrations is typically low, and that means the opportunity cost is too. But, this doesn’t mean that brand owners should give up. Instead, they need to be similarly sophisticated and proactive in their approach, by putting in place monitoring and enforcement tools and strategies, and also considering additional security measures to protect their assets and customers.
This includes, for example: two-factor security measures for financial transactions; DDoS mitigation/registry locks for any domain names carrying business infrastructure, such as email; and, the ability to act quickly to educate consumers on any identified phishing or spear-phishing threats that they may receive.
Working with a trusted provider is also important here. We commonly see trends emerge and have a ripple effect across our client base, which means we are able to alert clients of potential new threats. For example, as we saw COVID-19-related scams appear, we automatically alerted our clients to potentially infringing registrations for the brand names that we monitor on their behalf.
The same is true when a registry launches ‘special offer’ or discount domain name registrations, as this also tends to result in a spike in infringement claims. Where such registrations are open – in other words, there is no trademark check – then opportunists will naturally jump on it. Here too, we often see the same names crop up again and again.
In the long run, it is far more effective to take a proactive approach to brand and domain name protection. By scanning and monitoring the threat, rather than waiting for problems to land, you can gain the knowledge needed to counter and act against criminality online.
Despite the rise in criminal activity, there are plenty of channels available to brand owners to take effective action. For example, takedowns of phishing sites via the registry or formal domain name dispute resolution mechanisms, such as the Uniform Domain Name Dispute Resolution Policy (UDRP).
We talk about the internet as if it is a cloud, but domain names are allocated and overseen by physical companies in a physical jurisdiction, which means that a brand owner’s rights can be enforced. The skill is in identifying which domain names to act against and when. It is here that Com Laude’s approach to ranking by threat and activity comes into its own
To find out more about Com Laude’s Brand Protection services, please contact us.