To say that the expansion of the ICANN’s New Generic Top Level Domains is a great concern for trademark owners is an understatement. The impact on an organization’s bottom line will certainly be affected, particularly in the area of trademark protection. In a recent AFP news article, Francis Gurry, head of the World Intellectual Property Organization, explained that he believes this expansion will have a great impact on businesses as it is an “opportunity for misuse of trademarks”. What people may not know and what he points out is that registering a domain name is quick, relatively inexpensive and does not require an approval process to ensure the registration does not conflict with the rights of a trademark holder. Due to these very real concerns it is not surprising that there are a lot of discussions and debates around the New gTLDs, but what about the original 22 gTLDs like .com, .net and .info? Do businesses and their customers still need to be concerned about them? The answer in short is, yes. Below is a list of issues that should still be on your radar.
Registrars have no obligation under ICANN rules to put each domain registration through a vetting process to ensure that the registrant has the rights to own and use the domain name. Anyone can register a domain name, even one that contains a well-known trademark. Cybersquatting is the term used to describe the practice of registering or selling a trademarked domain name for commercial gain. The goodwill established by a well-known trademark is extremely valuable and if the registrant knows they have a domain name that you may need in the future, they may try to hold it hostage for a hefty price.
You might be dealing with a cybersquatter if…
The domain name directs you to:
1) A page that does not resolve or
2) A page that has links for ads related to your product or service or
3) A parked page (put up as a placed holder by the registrar) or
4) An under construction page
In this case, the offender is literally banking on your typing and spelling skills not being up to par, hoping that you will at some point make a typographical mistake entering the website address in your browser. Typosquatting, also referred to as URL hijacking, is a form of cybersquatting and used to describe the misspelled name in a domain. The offender will throw in an extra letter or two (or three) or change the order of the letters, for example: “masteracrd.com” instead of “mastercard.com”. To the unsuspecting user, it might be difficult to spot the difference. This practice is made possible by the trust that customers and consumers have in a particular brand or trademark. Users can be lead to malicious sites that may ask for personal information or infect the user’s machine with malware.
Phishing and Identity Theft
Phishing attacks sometimes involve malicious domain name registrations for fraudulent purposes. These domain names are solely registered to trick the unsuspecting user into thinking that the spoofed website they are visiting is their financial institution’s online banking website. Financial institutions are not the only target of these offenders. I have also seen major retailers and organizations from other industries being targeted for phishing and identity theft related purposes. The offender will employ typosquatting techniques or will use the correct spelling of the mark but also add words like “online”, “login” or any other variation of the name to make the domain name appear to be legitimate.
Domain Registration Scam
This domain registration scam involves an unsolicited email sent from a registrar in Asia directed to the “CEO” or “President” of an organization. In the email they claim to be doing you a favour by informing you that some entity has applied to register your brand’s name in a domain extension utilized in the Asia region like .cn, .tw, .co.kr, etc. This type of scam has been around for years and I have seen them go as far as to claim themselves as an “intellectual property rights consultant organization”. Their goal is to have the very concerned party (your organization) contact them immediately and then offer to sell you the domain name for a very expensive price. They will usually claim that their offer is only good for a limited time and that if there is no response, the registration application for the interested party will be approved. Similar to phishing sites, people might be more inclined to fall for these types of scams because of the urgent nature of the language in the email. Recently, the Better Business Bureau released an article warning people about this scam. Check it out for more information.
So what can you do to protect yourself from these domain registration headaches?
- Perform daily domain monitoring for new domain registrations that use your trademark.
- Do not respond and delete unsolicited emails from registrars claiming to give you a “heads up” that someone is trying to register your trademark in a domain. If you are concerned with registering your domain name in an extension applicable to certain jurisdictions, use a registrar of YOUR choice.
- ALWAYS check the spelling in the URL when you visit a website, especially prior to entering your personal information.
- Know the official corporate website for companies that you interact with on a regular basis. You may opt to use your browser’s bookmark feature to ensure that the same website is visited each time.
For peace of mind it would be advantageous for organizations and the general public to adopt a similar approach when it comes to their online activity. Threats arising from questionable domain registrations in the original gTLD space will continue to be a concern. For organizations, these issues have the potential to wreak havoc on your reputation and may also leave it vulnerable to liability which can lead to substantial losses.