CYBERSQUATTING: WHEN THE BATTLE FOR DOMAINS TURNS UGLY

By Tim Helming, director of product management at DomainTools.

It is no secret that for businesses hoping to do well in the digital space, a good domain name is crucial to their success. Domain names are defined as ‘a distinct subset of the internet with addresses sharing a common suffix or under the control of a particular organization or individual.’ In layman’s terms, it’s the address one uses to reach a website.

Tim Helming
Tim Helming

For organizations to have an effective internet presence, it’s crucial that they have ownership of the domain which best represents their brand, making domains big business. To illustrate this point, consider that the current President of the United States, Donald Trump, is in possession of over 3,000 domains, ranging from the fairly obvious TrumpBuilding.com, right through to the preventative (VoteAgainstTrump.com). While this is an extreme example, it highlights that domains are power.

The underlying value of domain names is not lost on cybercriminals, which makes the murky world of cybersquatting such a lucrative business. Cybersquatting is the practice of purchasing domains with the intent of stealing internet traffic from a well-known and trademarked brand or individual, and then selling these domains to rightful owners of the trademark, for sometimes a massive profit. Cybersquatting often takes advantage of typing mistakes, bad spelling practices or human error. These strategies back companies into a corner, and create a situation where the most cost-effective means of solving the problem is to buy the cybersquatted domain – lining the pockets of cybercriminals in the process.

So one would be forgiven for assuming that anyone who engages in cybersquatting is motivated by profit, an unscrupulous independent cybercriminal. As so often, the reality of the situation is a lot more complex. According to research conducted at this year’s Infosecurity Europe in London, cybersquatting could be almost as prevalent amongst security professionals as it is amongst their sworn enemies, cybercriminals.

Over a third (37%) of respondents to a DomainTools survey of over 300 security professionals reported that they had been a target of cybersquatting, and were aware of other domain names that tried to siphon revenue, tarnish their brand and/or copy their website. When asked how much they would be willing to spend to take down a website that was leveraging their company name, 43% said that ‘the sky’s the limit’. But, 28% of respondents admitted buying domain names to deflect business away from their competitors.

It is somewhat ironic that over 40% of the cyber security professionals we spoke to are willing to spend over £10,000 to stop anyone else using a domain to affect their business, considering nearly a third of them are registering domains for the purpose of targeting their competitors. These results also show how important domains are to a company’s brand, security and bottom line.

So how can companies combat this scourge, when even security professionals are occasionally using similar tactics? Companies who are worried about being a target should seek to register as many domains as possible. For some brands, it is not practical to register all of the possible combinations of their domain. It can easily run to the tens of thousands of domains, if not over a hundred thousand for a company with multiple product names. The best advice is to register as many relevant domains in the major TLDs as possible (“major” being com, net, org, .co.uk, biz, us, info, .de) and to keep an aggressive eye out for squatting domains.

For the consumers being duped by these false websites, it can be equally important to keep an eye out. While many of the domains registered for the purpose of cybersquatting are essentially harmless, and just a prerequisite for the cybercriminal’s payday, this muddying of the water surrounding legitimate domain names could lead confused consumers to wander into more sinister territory. A recent DomainTools study found over 300 fake banking domains, which were being used to target bank customers in the UK, tricking them into believing these malicious domains were genuine.

In order for consumers to be able to pick up on malicious cybersquatted domains, the devil is in the details. In general, there are patterns that tend to be red flags. For example, you don’t typically see luxury brands using domain names that begin with words such as ‘cheap’ or ‘discount.’ Similarly, they generally do not add numbers to their domain, as in ‘123(brand).com’ either. Many such domains exist, but they are being controlled by entities that have nothing to do with the brands themselves and are not likely to give the shopper a satisfying experience. It is also important to note that looks can be deceiving – the pages of many illegitimate sites look virtually identical to the real thing. This is where looking closely at the URL can be a real difference-maker for staying safe.

Navigating the internet safely can be a minefield for consumers, and taking control of your presence and visibility online can be equally perilous and costly for businesses (or Presidents). It’s important for businesses to be aware of these practices, and for consumers to be as vigilant as possible when searching for a trademarked website. But when even those in the business of security are involved, this is no easy task.