Article Lead Image

Illustration via Max Fleishman

How domain fraud is like a sexually transmitted disease

Domain fraud is a silent epidemic. It doesn't have to be that way.


Howard Greenstein

Internet Culture

Posted on May 10, 2016   Updated on May 26, 2021, 7:31 pm CDT

For 2015, the Centers for Disease Control logged an increase in several types of sexually transmitted diseases, including chlamydia, gonorrhea, and syphilis. Maybe it was reported on the news, but unlike Kanye’s latest outburst or politicians’ latest poll numbers, no one’s talking about it. The same thing is true for domain and brand fraud, which is on the rise.

Talk with the general counsel, IP protection strategist, or CMO of a major brand and quietly, they’ll relate various cyber-incidents that have hurt their company. There are simple symptoms, like the look-alike domain one of our clients found that was running ads and charging the company per click. Then, there are more complex bugs, like a mistype of a domain that sent our client’s customers to the competition, bleeding them of revenue. And finally, there are the real viruses: Actual computer viruses that can be caught by mistyping the names of many top websites. In fact, this Internet Society study notes that over 94 percent of the top 500 websites leave browsers one mistype away from a malicious website.

Though these “ailments” are a fact of life for businesses in an increasingly Web-dominated world, no one seems to be talking about it. There could be a few reasons for this, including:

  1. Reputation worry “We’d like to let the world know that hackers bought our brand name with a different domain extension and put up a fake site,” said no press release ever. It’s a hard pill to swallow when customers or employees are fooled. The thing most companies want to do is take a pill, call the lawyer, do damage control with their customers, fix the problem, and move on. Perhaps the general counsel, CMO, or the CISO will discuss it over drinks at the next conference with her peers, but it’s (hopefully) not making the press. So, just like that one promiscuous college student who is afraid to see the doctor, the same type of problem will be passed on to multiple brands before someone notices.
  2. Ignorance is bliss Unless you’ve got a rash, you might not know you’ve got a problem. The same happens with domain fraud issues. One company we work with had two of our competitors supplying monitoring reports. We showed them their results in DomainSkate and they found new instances of brand identity theft—people who had taken their domain or a close match, their logo, and their tag line. Awareness is the first step to a cure, and this company got that wake up call. But, no one’s shouting this from the rooftops.
  3. It’s not my problem It is normal for companies and executives to focus only on the elements of their business that they feel they can control. Product quality, customer experience, and messaging are all examples of this. Brand protection, at first glance, does not necessarily fit the criteria because it is predicated upon watching and acting on forces outside of the business. However, just as an ounce of protection is worth a pound of peace of mind, protecting your brand in a consistent manner can enhance your business.

The new saying goes, you can give a person a fish, they’ll eat for a day, but if you teach a person to send phishing emails, they’ll get rich quickly. The FBI notes that incidents of targeted email fraud are on the rise, accounting for over $2 billion in theft from companies over the past two years. One common method is to create email accounts using a very similar domain name, with a slight mistype or a different extension to the right of the dot. Buying domains with the same or similar name as a brand or trademark is inexpensive and almost universally accepted. A few registries, such as .Tickets, are notable exceptions.

Domain fraud is a silent epidemic. 

Domain fraud is a silent epidemic. For every potential customer the our sales team contacts, we create a brand risk analysis report. The reports are never empty. If a company has a website with any significant traffic, does e-commerce, or is a mid-size or larger business, the “bad guys” will create websites, parked pages, or registered domains that could be used to damage the company’s reputation. It’s time we talked about this issue, brought it out into the open, and discussed it like adults.

The first step is getting tested. Work with a legitimate brand protection vendor immediately. You can’t be cured until you know that you have a problem.

Howard Greenstein is COO of DomainSkate, an online brand protection firm, and an adjunct lecturer at Columbia University’s School of Professional Studies. Follow him on Twitter @howardgr

Share this article
*First Published: May 10, 2016, 5:46 pm CDT