As trademarks owners and domain names specialists are well aware, scammers and cybercriminals can be very imaginative and continuously find ways to harm trademarks and consumers by maliciously registering and using phony domain names.
Cybersquatting and typosquatting
These practices, commonly known as cybersquatting or domain squatting, notably consist in registering domain names including trademarks. Cybercriminals then intend to sell these domain names to the concerned trademark owners, to tarnish their visibility and reputation or to unduly profit from these domain names.
One of the best known type of cybersquatting consists in deliberately registering typing-error domain names which look very much alike popular trademarks or domain names. This practice is called typosquatting and mainly relies on mistakes made by Internet users when entering an URL address in their browsers.
Examples: <salando.com> instead of <zalando.com>, <google.cm> or <googel.com> instead of <google.com>
By this means, scammers intend to expose Internet users to unsolicited advertisings, malwares or phishing websites. Domain typosquatting is indeed frequently used in the frame of phishing schemes, a fraudulent technique aiming to trick Internet users into sharing their personal data, downloading malwares through look-alike websites or sending them malicious emails by misusing a company’s identity.
Internationalized domain names (IDN) and homograph attacks
For several years now, the internationalization of Internet has made it possible to register Internationalized domain names (IDN), namely domain names that contains, in whole or in part, characters from local languages and alphabets such as Arabic, Chinese, Cyrillic… or accented Latin characters such as French.
Needless to say, the rise of Internationalized domain names (IDN) offered almost endless possibilities for cybercriminals since it allows them to leverage on the similarities of characters from different alphabets and mix them in order to register domain names more resembling than ever to existing domain names or trademarks. This practice is commonly referred to as IDN homograph attack or homograph domain name spoofing.
Indeed, some non-Latin characters (from Greek and Cyrillic alphabets for example) are confusingly similar to Latin characters and herein lies the trick for registering phony lookalike domain names.
If it possible to register Internationalized domain names (IDN) since many years now, homograph attacks increased in recent years, targeting some top global trademarks. Here are some examples:
- <airfrạnce.com> (used within a massive phishing scheme at the start of 2018), <airfṛance.com>, <ạirfrance.com> infringing the rights of the French airline company Air France;
- <ɯhatsapp.com>, <whɑtsɑpp.com>, <ɪnstagram.com> infringing the rights of the social medias WhatsApp and Instagram;
- <bmẉ.com> infringing the rights of the German group BMW;
- <ıĸea.com> infringing the rights of the Dutch company IKEA;
- <e-lẹclerc.com> infringing the rights of the French supermarkets chain E. LECLERC…
Cyberquatting comes in many variations and shows scammers’ great agility and limitless imagination.
The consequences of homograph attacks and cybersquatting attacks in general, especially those associated with phishing schemes, could be very harmful to the companies in terms of business, image as these attacks could incur a loss of customer confidence as well as financial losses.
That being said, cybercriminals do not only target top global companies but can also attack any company by interfering internally, with suppliers, distributors… through the registration of lookalike domain names including the companies’ trademarks or names, used within phishing schemes and aiming to divert funds.
This highlights the need to monitor trademarks on the Internet and especially among domain names in order to quickly detect and efficiently neutralize any domain name that could be used to cause harm to rightsholders.
Our firm remains at your disposal to discuss your trademark’s protection among domain names and assist you with cybersquatting issues.
Lucie PRUNIERES, IP Lawyer
INLEX IP EXPERTISE