Preventing cyber criminals exploiting your brand online

Your brand is your business – it’s essential to protect it from cyber crime so your intellectual property, your details and those of your clients and contacts are not put at risk. How can your brand be exploited online – and what staps can you take to ensure you’re safe.

Fraudulent websites

A third party constructs a website identical or highly similar to your own brand website using an identical, or confusingly similar, domain name which they use to defraud genuine customers. This happens through misleading them into thinking that the website is run by or has a genuine commercial connection with your brand.

This often leads to consumers disclosing sensitive personal and financial information including name, address, credit card or bank details by making orders for products or services which do not exist.

Steps to take

Report the domain immediately to the relevant registrar, as it is a breach of the conditions of domain name registration to conduct illegal activities such as fraud. By not taking action to prevent these activities once reported to them, the registrar can also be held responsible.

By approaching the registrar as the genuine brand owner and providing evidence that the domain is fake, the registrar must act quickly to prevent further fraudulent activities and will usually immediately move to block and shut down the domain.

Cybersquatting

Cybersquatting involves a third party registering a name which is identical or confusingly similar to your own brand but with a different general top level domain (“GTLD”), for example “.com” or “.net” so you cannot register it and use it yourself.

Steps to take File a Uniform Domain Name Dispute Resolution Policy (“UDRP”) against the registrant of the domain.

These are universally-recognised domain name dispute resolution mechanism administered by the World Intellectual Property Office (“WIPO”). The requirements for successfully challenging a domain name registration are as follows:

1. The domain name in dispute is identical or confusing similar to a registered or unregistered trade mark actively in use by your brand
2. The domain name registrant has no legitimate right or interest in registering it or good faith intention to offer goods or services themselves using the domain
3. The domain name was registered and is being used in bad faith to target your brand in some way.

In the context of a UDRP, bad faith is recognised as attempting to sell the domain name back to your brand or business at a profit, knowingly preventing your brand from using it and to disrupt your business as a result or to confuse customers looking for your brand’s genuine website.

In the UK, there is a similar domain name dispute mechanism knows as DRS specifically in relation to “.uk” domains which applies the same principles as the UDRP. In the case of “.uk” dispute the domain can be either registered or used in bad faith which can in some cases be easier to prove.

CEO fraud: phishing attacks

A third party registers an highly-similar domain but does not use it to create a website, instead creating email addresses which are almost identical to genuine email addresses in use by your business or brand.

These email addresses are then used in phishing attacks to obtain personal and financial information from customers and employees who are tricked into believing that the email is from a genuine source.

Larger organizations are often targeted internally by fraudsters posing as either a CEO or high-level director requesting transfers of large sums or money or highly sensitive information known as CEO fraud.

Steps to take

1. Report the domain to the relevant registrar
2. File a UDRP or if a .uk domain file a DRS.