.inc’s recent webinar and whitepaper on brand safety dealt with the protection of domain names in a world where scamming is rife, operates under multiple guises and has the capacity to wreak havoc on a business. The webinar, Treating Digital Truth Decay, featured a conversation between Ruminul Islam, a brand protection analyst at Safenames and Jamie Nafziger, a partner at law firm Dorsey & Whitney. Jamie Nafziger also authored the whitepaper, entitled Deepfakes, Fake News and Viral Hoaxes. Both the webinar and whitepaper cover similar issues, the most salient of which are detailed below.
What types of threats exist?
Domain names can fall prey to a number of different scams, including phishing and typosquatting. Nafziger honed in on the latter in her webinar, explaining that typosquatting involves making a very subtle change to a domain name (such as replacing one letter) in order to make people believe that they are communicating with its real owner. She also mentioned dropcatching. When a company lets a domain name expire, squatters can step in and acquire it. They can then attempt to extort money from the original owner of the name, refusing to return it, unless they are paid thousands. Alternatively they can use it to redirect traffic to a site of their own choosing.
These are just some of the threats that exist.
What are the consequences of being scammed?
There are many consequences of being scammed, some of which are a loss to reputation, financial loss and the risk of tax fraud. In addition, a business must bear the legal cost of pursuing the scammer.
What can companies do to avoid being scammed?
There are a number of actions companies can take to avoid scammers hijacking their domain names.
Firstly, Nafziger advocates choosing a memorable and distinctive brand name. This helps users of the domain name to identify it in a sea of other brands. Nafziger writes in her whitepaper, “strong brands are usually coined terms that are easy to spell or are existing words used in unexpected ways.” A weak brand name attracts scammers, who, with small tweaks, can stealthily change the domain name and redirect traffic to their sites.
Nafziger is in favour of short domain names. We have become accustomed to a world of truncated communication; emojis are used to convey feelings and thoughts, and abbreviations are routinely utilised in online communication. In-keeping with the linguistic tendencies of the virtual world, Nafziger proposes using names without hyphens and numbers. This, she asserts, will mitigate the risk of typosquatting. In her whitepaper she writes, “to get a short domain name, consider registering in one of the new generic top-level domain (gTLD) names, which have greater availability than .com.” Frequently the brand name followed by .com is already in operation, while the brand name coupled with .inc will not be taken. She recommends carrying out careful checks on the registry in order to assess its reputation and ascertain what protection it provides.
Nafziger also advises companies to register defensively. Businesses should think of different variants and misspellings of a domain name and register these. They should also register in other domain name extensions. Scammers routinely use homographs to create fraudulent domain names. Homographs are words that are mostly in Roman alphabet but include, for example, two Cyrillic characters. They are difficult to detect and can therefore be put to effective use by scammers. It is advisable to register or block homographs.
Nafziger suggests auto-renewing domain names to avoid loss of business and dropcatching. She also recommends locking domain names: “Protect the domain names you have from unauthorised transfers by using registrar lock services and registry lock services if they are available.” She recommends immediate action if infringement occurs.
At the end of her whitepaper, Nafziger mentions ICANN’s next round of domain name expansion and the potential for brands to register a .brand gTLD.
If you would like to listen to the webinar and download the whitepaper, please click here.
