In an interview for an upcoming feature in LPM, one of the industry’s leaders in the fight against counterfeit products noted a shift in how fake goods are primarily marketed to customers.
A decade ago, Charles Olschanski, senior director of global brand protection and investigative services at Tiffany’s, was witnessing a yearly doubling in the number of fake company websites selling bogus Tiffany products—at Tifany.com, perhaps—which the company would identify and then take over to use as a platform to warn consumers about counterfeit merchandise. In subsequent years, however, phony misspelled domains have been less central to the fight against fakes, he said, as the selling of counterfeits migrated more to online marketplaces and, increasingly, social media.
But the problem of misspelled domains remains, even if the purpose behind them has changed, notes a study released in November by CSC’s Digital Brand Services Division. The study examined registered domain misspellings associated with the ten largest online shopping brands in the world. CSC uncovered 1,553 domain typos related to these companies, 70 percent of which were owned by third parties and many employing domain privacy services to mask or hide ownership and identity. In all, these misspelled brand domains received over five million visitors annually.
So, if not always using the sites to trick people into buying fake goods, what would a third-party want with a ‘Wallmart.com’ domain?
- 38 percent are pointing to advertising-related and pay-per-click web content, which can be used to spread malware via domain parking services.
- 27 percent had no live web content, yet 40 percent were configured to send and receive email with MX records, which can be used for phishing and/or to intercept email.
- 15 percent were engaged in affiliate referrals, which means the brand owner could be targeted for unauthorized affiliate activity resulting in loss of revenue.
- 12 percent were pointing at shopping-related web content which indicates that consumers could engage with nefarious retailers selling counterfeit goods while brand owners lose revenue.
- 8 percent were pointing toward malicious web content, such as malware.
Typosquatters, as some call them, use a brand’s good name to score clicks, steal information, or earn money—and while there may be less direct revenue reduction associated with this scam than in the past, the risk to a retailer’s brand remains significant, as any link to illegitimate activities can harm how customers think of the brand. Retailers can ill afford to be associated with exposing users to malicious and illicit content.
They may use a different domain suffix—a .info instead of a .com, for example—or exploit common misspellings, sometimes by adding or deleting an “s” at the end of the domain name. ‘Combosquatting’ is similar, with scammers adding a word to the retailer’s name: Kohlsonline.com, for example; adding or subtracting a dot in a website name is also a common ploy. Cybercriminals may attract visitors to bogus websites by send out phishing emails using a typosquat of a retail organization’s website.
Once lured to a bogus website, there are additional strategies scammers use to trick visitors. “Online criminals are always finding new creative ways to trick internet users, [such as] a pop-up scam on typosquatting domains,” note Australian researchers in their April 2020 study, Typosquatting for Fun and Profit. “JavaScript alert message boxes steal the focus of the website, show a short text message to the user and try to either lure or scare the user into taking specific actions or exposing their data.” The scam “attracts the user’s attention very effectively,” as alert boxes are a blocking user interface element.
Ihab Shraim, chief technology officer for CSC, said the research was intended to highlight how brands and consumers are at increased risk for a multitude of threat vectors associated with online fraud, counterfeits, revenue leakage, and many other cyber-criminal activities. The research also uncovered surprisingly lax domain security amongst top shopping websites, which puts brand owners at risk of distributed denial of service (DDoS) attacks, domain name system (DNS) hijacking, and phishing.
The study found that only 16 percent of the top 500 global eCommerce and shopping domains leverage DNS hosting redundancy, which could secure their online presence from a DDoS attacks. In addition, only 18 percent use registry locks that prevent DNS hijacking attacks that could redirect consumers to alternate websites. Finally, 40 percent of retailers do not use enterprise-class domain registrars. “This is partially explained by the fact that 40 percent of the observed domains still rely on retail registrars that typically don’t provide advanced domain security features,” according to the study.
What should retail shopping sites do? CSC and the FBI offer advice to brand owners for preventing their good name from being tweaked just enough for it to be used for nefarious purposes.
- Ensure operating systems and applications are updated to the most current versions.
- Update anti-malware and anti-virus software and conduct regular network scans.
- Establish a domain security council that assists with domain strategy and policy. This includes identifying and registering defensive domains in key country markets, including keywords and misspellings. Additionally, the council should champion defense in depth recommendations for secure domain management, including registry lock, reliance on enterprise class domain registrars, DMARC, DNS security extensions (DNSSEC), and DNS redundancy.
- Continuously monitor the domain space and key digital channels like marketplaces, apps, and email for brand abuse, infringements, and fraud.
- Perform global enforcement, including takedowns and advanced techniques in internet blocking.