UK firms are launching legal challenges over fraudulent domains in record numbers, as criminals attempt to trick consumers into entering personal and financial information into a bogus website.
A dot, dash, or extra letter could be the only difference between a legitimate website address and a fraudulent one. Criminals can then copy the layout of the real website with relative ease, perhaps even purchasing a security certificate to add to its authenticity.
In 2018, the number of domain name dispute challenges hit a high of 305, according to the World Intellectual Property Organisation (WIPO), a United Nations agency that hears such intellectual property disputes.
That’s a 10% increase from 2017, when there were 277 fraudulent domain disputes. Since 2014, the number of disputes has increased by 62% from 188 cases.
Once online criminals have lured a person to their fake website – perhaps one using an alternative to ‘.com’ or ‘.org’ – their goal is often to trick people into inputting personal and financial information.
This information is then stolen and can be sold on the dark web, used to carry out identity theft or as information to carry out future more targeted scams, such as phishing attacks.
The damage caused by fraudulent domains
Commercial law firm EMW, which pulled together WIPO’s data, points out that in addition to being costly for the consumer, domain name fraud can be damaging for the company’s brand if they fall victim to a serious imitation. This could potentially lead to businesses losing sales in the short term as consumers lose trust.
Mark Finn, principal at EMW, said: “Illegally replicating corporate websites is big business for fraudsters but companies are fighting back.”
“Customers will likely consider bigger businesses morally responsible if their data is stolen so it is crucial that they proactively register related domain names to prevent fraudsters from replicating their business online.”
Finn recommends that businesses take a proactive approach when it comes to tackling fraudulent domains.
“The burden of protecting your online brand may seem high due to the overwhelming number of available web addresses,” he continued. “However, it is relatively inexpensive to register numerous domain names and it is a simple yet crucial step.”
Fraudulent domains a global problem
The problem of domain fraud isn’t limited to the UK. WIPO’s data also shows a global increase in domain name disputes, rising from 3,074 in 2017 to 3,447 in 2018.
In June, US enterprise security firm Proofpoint released a report that identified domain fraud as a growing risk for businesses and consumers.
In one example, cybercriminals impersonated Her Majesty’s Revenue & Custom’s domain during this year’s tax season as part of a phishing scam.
In another, WIPO found that domains such as Travelex.exchange were an infringement of foreign currency exchange company Travelex. WIPO subsequently transferred all similar names to Travelex.
“Registering your brand as a trademark is the first thing businesses should do to give them more rights over similar web addresses,” added Finn.
“WIPO will rule in favour of the company that holds an existing trademark against those who appear to be acting in bad faith.”