Domain names like other intellectual property rights are vulnerable to exploitation from other online users. With the significance of user traffic for brands and advertising campaigns, the opportunity to monetise on the domain name of a reputed business is a very real one. The resulting consequences are misled consumers, damaged reputations and, flowing from those, considerable financial losses.

Cybersquatters

 In the last few years the managing body for all domain names, the Internet Corporation for Assigned Names and Numbers (ICANN), had initiated the practice of granting registration for extensions like .xyz, .blog, .brand, .online and many more, leading to an abundance of variations of Top Level Domains. We are now seeing over 1500 registrations. This inspired, so called, cybersquatters to register variations of already existing well-known domains, for example lego.blog. By predicting what a brand is likely to register, weather on geographic terms or by using more of its brand content, cybersquatters can hold domain names hostage until the brand with a legitimate interest in the name is willing to purchase the registration at a substantial sum. The leverage that cybersquatters hold over brand owners is that having diversions or interruptions to consumer flow is highly undesirable for a brand, its sales and its reputation.

Typosquatters 

Similarly, the registration of mis-spelled popular domains relies on online consumers mistyping a web address. The website they accidently reach often mimics the original with the intention to mislead the newcomer in providing their user information, or to simply make a profit from user traffic. Some of the most targeted names in this practice are Apple, Google and Facebook, where omitting or substituting a letter leads to a journey to unknown digital grounds.

While typosquatting can be a threat, there is scope for tolerance with for example websites like Racebook.com or Goole.com who have their own legitimate right to exist. Yet the margins can never be too clear. A comic, yet serious from a brand’s point of view, domain dispute is MikeRoweSoft v Microsoft. A student, with the name Mike Rowe, set up his web design business under the domain name MikeRoweSoft.com. He was aware of the resemblance of his domain to a certain computer brand but found the link rather amusing. Microsoft, backed by the court but pressured by social media, which showed overwhelming support for the young web designer, had to approach the instance with great sensitivity in order to acquire the domain.

Phishing Scams

Phishing is a direct threat to the online user. It involves deceptive emails or instant messages, a click on which leads to a false website designed to capture sensitive information like usernames, passwords and credit card details. Phishing often targets the subscribers of well-known services and disguises itself as part of the service that a user is already familiar with. For example, registered brands and trade mark practitioners may receive a trade mark renewal notification email with a payment request from the ‘World Trademark Organisation’ which intends to imitate WIPO (The World Intellectual Property Organisation), the official body for international trade mark renewals. Sophisticated in their form, a false service provider can mimic the original ever so closely, leaving the user vulnerable to making the mistake of giving the phisher what they were phishing for.

Domain Hijacking

 This involves hacking into a Registrant’s account and changing the information therein, including the ownership of the domain. All for the purpose of redirecting traffic, re-selling the domain or phishing for user data.

Pay-Per-Click (PPC) Links

 Despite Google’s commendable efforts in tackling click-fraud, a good percentage of it remains. The online marketing community heavily relies on a pay-per-click practice as a way of reaching a vast audience. The whole process has often been compared to a data driven science where PPC (pay-per-click) statistics help to determine the effectiveness of a marketing campaign, all for the purpose of increasing both online and in store sales. The chain behind the pay-per-click fever starts with the brand who hires an advertising agency who then, having picked a suitable platform for the add, often a web page that already has adequate viewership, pays the host of the platform each time the ad receives views. To ensure viewership the host may pay someone else to direct traffic to their platform. Up to this stage everything is legitimate but here is where legitimacy becomes blurred. Traffic providers can vary in their traffic-quality. The fraudulent element comes from that a large proportion of purchased traffic is fake traffic, what is also known as bot traffic. Going back to the beginning of the chain, this is a concerning fact for the brand having invested a vast amount of money in making their marketing campaign viewed by as many people as possible, when in fact only a small percentage of the results are actual human views, or clicks.

How does that affect a domain name holder? With the above in mind, a mischievous traffic provider may create a near identical web page as that of a popular with advertising companies host. This can also be an instance of domain hijacking. A fake website with a fake viewership can deceive advertisers to place their adds there and pay for them each time a click is recorded.

Final thoughts

The online space has already established itself as an opportunity within a challenge and visa versa. As a key element of the Internet, domain names inherently carry this characteristic. In full understanding of that, brands and regulatory bodies have evolved continuously in their tackling techniques, and whilst increasingly successful, the challenge remains.