Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

CYBERSQUATTING: WHEN THE BATTLE FOR DOMAINS TURNS UGLY

By Tim Helming, director of product management at DomainTools.

It is no secret that for businesses hoping to do well in the digital space, a good domain name is crucial to their success. Domain names are defined as ‘a distinct subset of the internet with addresses sharing a common suffix or under the control of a particular organization or individual.’ In layman’s terms, it’s the address one uses to reach a website.

Tim Helming
Tim Helming

For organizations to have an effective internet presence, it’s crucial that they have ownership of the domain which best represents their brand, making domains big business. To illustrate this point, consider that the current President of the United States, Donald Trump, is in possession of over 3,000 domains, ranging from the fairly obvious TrumpBuilding.com, right through to the preventative (VoteAgainstTrump.com). While this is an extreme example, it highlights that domains are power.

The underlying value of domain names is not lost on cybercriminals, which makes the murky world of cybersquatting such a lucrative business. Cybersquatting is the practice of purchasing domains with the intent of stealing internet traffic from a well-known and trademarked brand or individual, and then selling these domains to rightful owners of the trademark, for sometimes a massive profit. Cybersquatting often takes advantage of typing mistakes, bad spelling practices or human error. These strategies back companies into a corner, and create a situation where the most cost-effective means of solving the problem is to buy the cybersquatted domain – lining the pockets of cybercriminals in the process.

So one would be forgiven for assuming that anyone who engages in cybersquatting is motivated by profit, an unscrupulous independent cybercriminal. As so often, the reality of the situation is a lot more complex. According to research conducted at this year’s Infosecurity Europe in London, cybersquatting could be almost as prevalent amongst security professionals as it is amongst their sworn enemies, cybercriminals.

Over a third (37%) of respondents to a DomainTools survey of over 300 security professionals reported that they had been a target of cybersquatting, and were aware of other domain names that tried to siphon revenue, tarnish their brand and/or copy their website. When asked how much they would be willing to spend to take down a website that was leveraging their company name, 43% said that ‘the sky’s the limit’. But, 28% of respondents admitted buying domain names to deflect business away from their competitors.

It is somewhat ironic that over 40% of the cyber security professionals we spoke to are willing to spend over £10,000 to stop anyone else using a domain to affect their business, considering nearly a third of them are registering domains for the purpose of targeting their competitors. These results also show how important domains are to a company’s brand, security and bottom line.

So how can companies combat this scourge, when even security professionals are occasionally using similar tactics? Companies who are worried about being a target should seek to register as many domains as possible. For some brands, it is not practical to register all of the possible combinations of their domain. It can easily run to the tens of thousands of domains, if not over a hundred thousand for a company with multiple product names. The best advice is to register as many relevant domains in the major TLDs as possible (“major” being com, net, org, .co.uk, biz, us, info, .de) and to keep an aggressive eye out for squatting domains.

For the consumers being duped by these false websites, it can be equally important to keep an eye out. While many of the domains registered for the purpose of cybersquatting are essentially harmless, and just a prerequisite for the cybercriminal’s payday, this muddying of the water surrounding legitimate domain names could lead confused consumers to wander into more sinister territory. A recent DomainTools study found over 300 fake banking domains, which were being used to target bank customers in the UK, tricking them into believing these malicious domains were genuine.

In order for consumers to be able to pick up on malicious cybersquatted domains, the devil is in the details. In general, there are patterns that tend to be red flags. For example, you don’t typically see luxury brands using domain names that begin with words such as ‘cheap’ or ‘discount.’ Similarly, they generally do not add numbers to their domain, as in ‘123(brand).com’ either. Many such domains exist, but they are being controlled by entities that have nothing to do with the brands themselves and are not likely to give the shopper a satisfying experience. It is also important to note that looks can be deceiving – the pages of many illegitimate sites look virtually identical to the real thing. This is where looking closely at the URL can be a real difference-maker for staying safe.

Navigating the internet safely can be a minefield for consumers, and taking control of your presence and visibility online can be equally perilous and costly for businesses (or Presidents). It’s important for businesses to be aware of these practices, and for consumers to be as vigilant as possible when searching for a trademarked website. But when even those in the business of security are involved, this is no easy task.