JD Supra: 1f You Can R3ad Th15 – Security and Scam Alert

1f You Can R3ad Th15 – Security and Scam Alert

by Susan Okin Goldsmith, Scott Smedresman | McCarter & English, LLP

You may think there is no value in chasing domain name squatters because customers find your website through search engines, but consider squatters as internal and external security risks. A constantly evolving threat, there are new variations on old domain name scams.

Spear-Phishing Among Your Employees

Most of us have received phishing emails in which a victim is asked to give a real password to (unknowingly) enter a fake site, or is asked to send money. You may have learned to check the sender’s address for validity. But what happens when after a quick review, the address looks valid and the email also looks like it has come from another employee? These malicious emails can provide hackers with a back door into company systems and get people to ignore established procedures.

This is “spear-phishing” at its most dangerous. It happened in 2014 to the then-controller of a company in Omaha who wired over $17 million to offshore accounts on the strength of emails he believed to be from his CEO. The email address looked similar enough, and included instructions that made sense at the time. Detailed article here.

Some companies are fortunate enough to have employees who recognize the malicious emails. Sometimes the company may bring immediate action in court, or it can choose the much less expensive UDRP option (its clunky full name: Uniform Domain-Name Dispute Resolution Policy). The UDRP enables the company to get an administrative Order of Transfer of domain names which have been registered and are used in bad faith. (There is also a Uniform Rapid Suspension System Policy, or URS, which enables a company to suspend some squatted domains rather than seize them).

In one such recent case, the controller of Thornburg Investment Management (Thornburg.com) received emails purportedly from the CEO, requesting wire transfers. The sending email address came from a @Thomburg.com domain name. Did you notice the “r” and “n” are replaced with an “m”? This controller did notice, but in a fast paced business environment, some executives may not be so lucky. UDRP decision here.

In yet another case, customers were lured into transferring virtual game credits to scam artists with addresses from typosquatted domains. The scam artists piggy backed on a real company promotion. Detailed article here.

Vigilance and proactive measures are still required to prevent hackers and scam artists from hurting you and your customers. It is impossible to proactively register all possible variants, so domain name watch services should be employed with an eye to security as well as protection of the trademarks. Registered marks are the easiest to enforce, so be sure your company name and key brand names are registered in all key markets.

New Variation on Another Old Registration Scam

Most company CEOs, general counsel and Security personnel have by now received multiple inquiries from fake domain name registrars telling them that “ABC wants to register YourBrand.CN, YourBrand.TW, etc., but we (the fake-domain name registrar) noticed that YourBrand belongs to you, and should we let this go through?”

Recipients routinely and safely ignore these emails and register domains of interest through normal channels. However, there is now a new variant. A “brand authentication service” sends an email to you allegedly having received an application from a stranger, in which the service claims the stranger has applied for the registration and authentication of “YourBrand” as an official brand website. In some cases, there is a website at the address of the “brand authentication service” which looks pretty convincing. However, this is just a slightly more sophisticated variant of the same scam we have been seeing for many years.

We give our thanks to summer associate, Cristián Ossa, for his assistance with this client alert.