On November 22, 2016, at 4:05 p.m. sharp, the Vinci group is the victim of identity theft. Several media receive a false press release reporting a review of Vinci’s consolidated accounts for fiscal year 2015 and the first half of 2016 following alleged accounting embezzlement.
In 2019, the US news agency Bloomberg appealed a decision of the AMF’s sanctions commission. The hearing before the court of appeal will be held this Thursday. Bloomberg was sentenced to 5 million euros for relaying information from a false Vinci press release.
A fake press release from Bloomberg
The American news agency Bloomberg is accused of having disseminated, in 2016, false information about Vinci without having verified it.
On November 22, 2016, at 4:05 p.m. sharp, the Vinci group is the victim of identity theft. Several media receive a false press release reporting a review of Vinci’s consolidated accounts for fiscal year 2015 and the first half of 2016 following alleged accounting embezzlement.
The false statement also indicates that the chief financial officer was fired. Less than a minute later, between 4:06 p.m. and 4:07 p.m., Bloomberg picked up the information and disclosed it on his terminal.
This press release had even been signed with the name of the real person in charge of Vinci’s press relations, while referring to a false cell phone number.
In defense, the defendants point out before the commission that the tone, the absence of spelling errors, the careful layout, the exact references to certain directors of Vinci or to its auditors, the mention of the real spokesperson for Vinci as well as the plausibility of the foot of the press release, which contained a link to unsubscribe from the Vinci mailing list and alerted the recipient to the automated processing of data, mentioning the contact details of the real correspondent Cnil de Vinci , did not differentiate this press release from a real press release established by Vinci.
The domain name issue in the false press release
The only inaccuracies in the false press release: the domain name of the false Vinci site to which the press release referred and the false mobile phone number of the “media contact”.
The fraudulent press release was also received by AFP, which did not follow up after realizing that this document had been posted on a mirror website, very similar to the real site but with a separate address (vinci.group and not vinci.com).
How to protect your domain name?
Domain names represent an essential intangible asset for companies since they allow access to websites related to their activity. Now, protecting the domain names associated with the trademark or the business of the company has become almost as important to the company as the protection of its brands.
In addition, domain names are the preferred medium for cyber-attacks which calls for increased vigilance on the part of owners and Internet users.
Phishing, fake president fraud, identity theft, fake job offers, theft of personal or banking data, whaling… frauds are numerous and are constantly adapting to technological progress;
Fraud is facilitated by the very protective provisions of the GDPR, which prevent the direct identification of the domain name registrant; technical service providers tend to rely upon the provisions of the GDPR and the LCEN to justify their inaction and allow fraud to continue;
There is a great risk of damage to the company’s image and reputation. Such fraud also has a significant financial impact, given the risk of embezzlement and money laundering.
The AMF’s Guide to Periodic Disclosure for Listed Companies (dated June
To protect your domain name from cybersquatters or competitors, it is recommended to also register the domain name as a trademark in addition to the reservation of the domain name.
It is possible, before making a domain name reservation and trademark registration, to check its availability, to avoid conflicts between domain names, trademarks or corporate names.
Domain names are now an integral part of the international economic landscape. Like industrial property rights and traditional distinctive signs, they are instruments of competition and intangible assets of companies. It is of course essential to have it for anyone who wants to exist in a market.
But care must be taken not to come into conflict with one’s competitors by using, even in good faith, distinctive signs close to theirs. Conversely, it is also necessary to enforce its own distinctive signs by not allowing third parties to appropriate signs close to its own in order to offer the same or similar services.
How to mitigate the risks regarding domain names ?
– Proceed to an audit of the corporate trademark and the company’s flagship trademarks among domain names, in order to map the risks;
– Set up a 7/7 watch of the corporate trademark among domain names, and a 7/7 or at least weekly watch on the company’s trademarks dedicated to goods or services;
– Set up watches on social networks such as Facebook, Instagram, Twitter and LinkedIn;
– Proceed with the preventive registration of domain names in risky extensions (such as .COM, .CO, .CM, .GROUP);
– Take preventive action(s) against potentially dangerous domain names;
– Define procedures and set up a crisis management unit to quickly react to infringements in case of emergency;
– Draft or update the company’s domain name policy (registration procedures, compliance with legal obligations, best practices) to be shared internally and with the company’s service providers and suppliers.
Cyber threats are more numerous and more complex and it has also become increasingly difficult to take action against registrants of disputed domains. More than ever, monitoring is required with the implementation of risk mapping and a defense strategy.
Dreyfus advise you in setting up the appropriate strategy to limit the risks related to domain names and to integrate industrial property assets in your compliance plans.