A lot of work is currently being done to define domain name abuse or domain name Infringements. Domain abuse is the use or intent to use of domain names, the DNS domain name system protocol, or any digital identifier with a shape or function similar to domain names, for deceptive, malicious, or illegal purposes.
But where do we stand in the fight against domain name infringement?
Focus on the Attack Vector: a form of Domain Name Abuse
The form of damage corresponds to the attack vectors. Domain name abuse is becoming more common, manifesting itself on websites, via search engines, or in email inboxes via phishing attempts.
In 2023, holders of contentious domain names are increasingly using certain “modern” domain name infringements vectors. Among them are domain name infringements via SMS, QR codes, or even sponsored ads.
In the case of SMS, the infringement takes advantage of flaws in communication protocols. A URL link pointing to a malicious website is frequently attached to the SMS.
QR codes, on the other hand, function as URL shorteners and can direct users to potentially harmful websites. These QR codes are increasingly being printed in paper format on fake notices of passage or fines.
Finally, sponsored advertisements are extremely popular. Malicious sites often appear at the top of Google searches in the form of advertising inserts. The lack of a precise visual indicator often prompts internet users to click on these ads without being wary of the content they contain.
These new attack vectors highlight the creativity and determination of malicious actors. These novel forms are accompanied by substantive innovations. In actuality, the landscape of infringements is also expanding.
An overview of Domain Name Infringements
There are various types of infringements. Cybersquatting, phishing, and fake institutional websites are well-known practices. Others, more recent, require a thorough examination.
A New Form of Cybersquatting: Robot Cybersquatting
Cybersquatting, the act of registering brand-related domain names with the intent to profit from the brand’s reputation, disrupt its visibility, or sell it back to its rightful owner, isn’t new. However, its methods are becoming more sophisticated.
Bots, particularly in China, now constantly monitor domain names. They swiftly register domains once they become available, especially if they are related to legitimate brands. These “vacuum” bots snap up domains that lapse into the public domain for any reason. While this tactic existed in the past, it’s seeing a resurgence, especially in China.
The ‘Fake Shop’ Trend
The so-called “fake shop” is a new 2023 trend. Some fraudulent websites register domain names by linking a previous brand to a country name. These fake shops are counterfeit sites that deliver no product or service. They are near-perfect, semi-automated duplications of previously registered brand sites. The similarity of these contentious sites with legitimate ones creates almost inevitable confusion for consumers. In an effort to sidestep some alternative dispute resolution procedures, such as the UDRP (Uniform Domain Name Dispute Resolution Policy), by replacing trademarks within the domain name by a generic term, this new domain name infringement trend is more difficult to combat.
Another trend for 2023 is “click fraud.” Click fraud is a type of fraud that occurs online within pay-per-click advertising. Website owners are paid based on the number of visitors who click on the ads in this advertising. Click fraud typically occurs on a large scale, with multiple links targeted and clicked multiple times, rather than just once. Malicious actors will obtain expired domain names or typosquat domain names that appear legitimate in order to entice users to click.
Identity Theft and Fake Merchant Sites
Identity theft and the creation of fake merchant sites are frequently seasonal, which means that fraudsters create contentious sites during tax or local fee collection periods, or during festive periods such as Christmas, Mother’s Day, or Valentine’s Day. This strategy targets both the B2B and B2C markets.
The fake merchant site is created in the name of a company whose official details are usurped. The credibility of these fake sites lies in the accuracy of the information concerning the merchant, such as the Siren, Siret, and VAT numbers, and in the usurpation of the company’s Whois data. This tactic is commonly used when legitimate businesses lack an online presence. Consumers who do not have access to the legitimate company’s official website believe the contentious site is authentic. To
Furthermore, fraudsters create fake Yellow Pages accounts, or official sites such as “Google My Business” or “societe.com,” and even fake reviews. The consequence of this practice is hefty as, beyond infringing on intellectual property rights and usurping companies’ identities, fraudsters scam consumers by never delivering the purchased products. This domain name abuse is severe since there’s both a monetary and personal data theft of the deceived consumers.
Identity Theft and Fake Orders
This practice consists in obtaining an undue merchandise delivery, in other words, diverting a product’s delivery. The perpetrators send an email that appears to be from a brand or company and requests large purchase quotes from sellers or distributors. Then they request payment for these purchases.
This method is especially dangerous since it can involve large amounts of money. Numerous elements give the appearance of an official site, lending credibility to identity theft. Fraudsters access official signatures and stamps from freely available online general assemblies, as well as recent financial statements, at least partially. Only the phone numbers and email are linked to the scammer.
Email Interception and Fake Bank Details
The most recent domain name infringement trend consists in redirecting a legitimate bank transfer to a third-party account. It is classified as a high-level attack because it primarily involves real estate and banking transactions.
The perpetrator begins by hacking the victim’s email. They monitor exchanges until they find an interesting transaction, identify related order discussions, and intercept a legitimate email during these exchanges. Then, they replace the legitimate email with a falsified one, modify the attached bank details, and send the email to the correspondent. Scammers use forged emails that look exactly like legitimate emails. Because of multiple exchanges in the victim’s email, the victim frequently misses the subtle email change, resulting in transactions that benefit the perpetrator.
Consumers, companies, and owners of intellectual property are all affected by the recent rise in domain name infringement. Malicious actors can commit more difficult-to-detect domain name abuses thanks to increasingly sophisticated and cunning attack vectors combined with computer tool mastery. It is critical to exercise extreme caution when using the internet, emails, SMS, and even paper mail. The best way for businesses to protect themselves, their leaders, and their customers is to keep an eye on their domain names and put in place a policy and plan of action that takes this into account. Today, we talk about compliance strategy and domain names. If you have any questions, please do not be hesitant to get in touch with us.
To find out more, read our article New AFNIC Mediation Procedure: Fast and Free Dispute Resolution for Domain Name Holders