Learning Center
Plans & pricing Sign in
Sign Out

Cybersquatting_ Frauds_ and Scams on the Internet


									Cybersquatting, Frauds, and Scams on the Internet
- ALI-ABA / Hot Topics in Internet Law for Business Lawyers: Don’t Get Caught in the ‘Net!
- June 3, 2008

by:   Richard E. Peirce
      Eckert Seamans Cherin & Mellott, LLC
      Two Liberty Place
      50 South 16th Street / 22nd Floor
      Philadelphia, PA 19102
      Phone: (215) 851-8389

    1. The Domain Name System And ICANN.

          a. The domain name system. Every computer on the Internet has an IP Address
          which consists of a string of numbers. Instead of having to remember numbers,
          the DNS allows letters to be used—hence, the domain name.

          b. ICANN. The Internet Corporation for Assigned Names and Numbers, or
          ICANN, is a nonprofit corporation which is responsible for a number of things in
          connection with the technical operation of the Internet (IP address space
          allocation, the gTLD and ccTLD domain name system, to name a few). See,

    2. Defining A Domain Name.

          a. A domain name is the “telephone number” of the Internet. Just like telephone
          numbers are used to reach people, domain names are used to reach web content.

          b. Parts of a domain name. If the domain name is the
          “com” is the top-level domain name, the “peircerbev” is the second-level domain,
          and the “beverages” (to the extent it exists in a specific domain name) is the third-
          level domain. There can be additional levels beyond the third-level domain. Third
          level or higher domains are commonly known as sub-domains. If the domain
          name is, the “beverages” portion is commonly known
          as a subpage or sub-directory.

          c. Ownership. Similar to other types of intellectual property, a domain name
          registration is “owned” by its registrant (the common term used to describe the
          owner of a domain name registration). The registration can be transferred, sold,
          and licensed.

          d. Domain names and trademarks.

                 i. Domain names are not trademarks. However, domain names can be
                 protected as trademarks if they are used as source indicators. (For
                 example: If a domain name is simply used as a domain
                 name in its technical sense, and nothing more, then it is not functioning as
                 a source indicator, and hence, not a trademark. See, Trademark Manual of
                 Examining Procedure §§1209.03(m) and 1215 for additional
                 information concerning registering marks that consist of domain names
                 with the U.S. Patent and Trademark Office.
             ii. Abandonment. Unlike a trademark, rights in a domain name will
             normally not be lost as a result of non-use. This important difference
             allows preventive registrations to fight off cybersquatters.

3. Domain Names And Websites.

      a. Servers. A server is, in essence, a computer that houses web content available
      on the Internet.

      b. If a party wants a specific domain name to point to specific web content, there
      are generally two things that must be done. First, the domain name, through the
      registrar account, must be configured to point to a specific server. Second, the
      server must be configured to “accept” the domain name.

      c. Multiple domain names and one website. Similar to the process described
      above, multiple domain names can be configured to point to the same web
      content. This is especially important to in-house legal departments when
      preventing and/or pursuing cybersquatters. Any additional domain names
      acquired can be configured to point to the same web content as the client’s main
      domain name. For example,,, and can all be configured to point to the same web content.

      d. Auto-forwarding. Certain registrars offer the option, usually at an added cost, to
      auto-forward domain names to other domain names. In essence, only one domain
      name needs to point to the desired web content. Other domain names are then
      “auto-forwarded” to the one domain name, thereby giving the impression that the
      other domain names are configured to point to the web content. There are dangers
      with using this option, including loss of control of the original domain name.

4. Domain Name Expiration Cycle.

      a. When a domain name registration is close to expiring, the registrar of record
      will normally send notices to the administrative contact email address(es) in the
      whois. The expiration date for a domain name registration can normally be found
      in the whois record.

      b. A typical domain name expiration cycle:

             i. The domain name is registered from 1-10 years.

             ii. If the domain name registration is not renewed before the expiration
             date, then it expires. At this point, the domain name does not yet become
             available for registration by others.

             iii. Once the domain name registration expires, the registrar (the entity that
             “sells” domain name registrations) will usually hold the domain name
             registration for a period of time after the expiration date has passed, which
             can typically run between one (1) and 45 days (and even longer). During
             this period, the domain name registration can still be renewed by the
             registrant through the registrar.

             iv. Redemption Grace Period. If the registrant does not renew the domain
             name registration during the registrar hold period referenced above, the
             domain name registration will be “released” to the registry (the entity that
             administers a certain domain name ending). The registry will hold the
             domain name registration for a 30 day Redemption Grace Period. During
             this 30-day period, the domain name registration can still be renewed by
             the registrant, but now only through the registry and at a higher cost.

             v. Five Day Registry Hold And Deletion. Once the 30-day Redemption
             Grace Period has ended (and the registrant has not renewed the
             registration), the domain name is put on hold for five days and then
             released to the public for registration.

      c. Back-Order Services. If you have a client who is interested in a certain domain
      name that is already registered, you can place a “back-order” on the domain name
      with the hope that if the registration expires and is released to the public, the
      back-order company can acquire the domain name before it is registered by some
      other entity.

5. Types Of Domain Names.

      a. There are generally two main types of domain names – Generic Top Level
      Domains Names and Country Code Top Level Domains Names.

      b. Generic Top Level Domain Names. These include .com, .net, .org, .biz, .info
      and other lesser known ones.

      c. Many of these top level domain names have restrictions on who can register
      them and/or how they can be used. Information on restrictions related
      to the generic top level domain names can be found at

      d. Country Code Top Level Domain Names. These specific domain name
      extensions are assigned to specific countries. (For example: .CA, .UK, .DE, .US
      are just a few.) Registration restrictions may apply depending on the specific
      domain name extension. Many of the ccTLD domain names do not have any
      restrictions, and some have been marketed beyond their specific country to a
      worldwide audience. More information on country code top level domain names
      can be found at
    6. Whois Data And Domain Name Ownership Issues.

           a. The whois tool provides limited ownership information on the registrant/owner
           of a domain name registration. Whois information can be accessed through a
           number of different websites. Typically, the whois information will include
           contact information such as name, physical address and email address.

           b. Reliability Of Information. There are many times when a registrant does not
           provide accurate whois information when a domain name is registered. False
           whois information can be an issue in domain name arbitrations and litigation.

           c. Private Registrations. The use by registrants of private registration services to
           hide their identities has become a very hot issue in the domain name world. The
           hidden registration services, which are many times offered by registrars, allow a
           registrant to hide its identity in the whois information. Many times, the whois
           listing will display contact information related to the registrar. One popular
           hidden registration service called DomainByProxy is offered by

           d. Reversewhois. This is a tool offered by some online brand monitoring
           companies that allows you to search domain name registrations by owner or other
           whois contact information.

           e. Incomplete whois data. At times, you will encounter whois data that looks
           incomplete. If that happens, you should try using the whois service offered by the
           registrar of record.


    1. Cybersquatting.

           a. It is generally defined as registering and using a domain name
           that is identical or confusingly similar to another party’s trademark with the bad
           faith intent to divert internet traffic from the mark owner, offer the domain name
           back to the mark owner for a price higher than the registration cost, and/or disrupt
           the mark owner’s business.

           b. Common web content at issue: competing goods and services, error page
           sites, pornographic sites, sponsored link sites, fraud and counterfeiting sites.

           c. Domain name variations to consider:

                  i. Plurals and hyphens. (peircebevs, peircebeving, peirce-bev.).

                  ii. Business designations. (peircebevcorp, peircebevinc, peircebevco,
             iii. Product designations and characteristics. (peircebevdrink, peirce-
             bevpop, peircebevcola, peircebevorange, peircebevsoda, peircebevthirst,

             iv. Geographic designations. (peircebevamerica, peircebeveurope,
             peircebev123, peircebevphilly, peircebevjersey, peircebevusa.).

             v. Typosquatting and phonetics. (peircebevcom, wwwpeircebev,

             vi. Negatives and positives. (peircebevsucks, peircebevstinks,
             peircebevlawsuits, peircebevlawyers, peircebevproblems, ihatepeircebev,

             vii. Miscellaneous. (mypeircebev, ourpeircebev, drinkapeircebev,
             peircebevforum, peircebevchat, peircebevblog, peircebevgroup,
             peircebevdiscussion, peirce-bevmeeting, peircebevclub, peircebev1.).

      d. Section 1125(d) of the Lanham Act (Anticybersquatting Consumer Protection
      Act) provides a federal cause of action for cybersquatting. The Uniform Domain
      Name Dispute Resolution Policy (
      provides an arbitration-like procedure for cybersquatting disputes involving
      certain types of domain names. Certain ccTLD domain names have their own
      domain name arbitration procedures as well.

      e. While the ACPA and UDRP are very similar, they do have some
      differences – For example, when defining cybersquatting, the ACPA uses
      “registers, traffics in, or uses a domain name that …”, while the UDRP defines it
      as a domain name that “has been registered and is being used in bad faith.”

      f. How expansive is the bad faith definition?

      g. Defenses – How far does the fair use defense stretch? What is legitimate use?

      h. Cybersquatting dispute strategy – Hidden registration details, cease/desist
      letter issues, settlement and domain name registration transfers, and
      arbitration/litigation (which one to pick?)

2. Fraudulent Domain Name Transfers.

      a. Be sure the client’s domain names are on locked status within the respective
      registrar account.

      b. Typically, transfer requests originate from the gaining registrar. As such, the
      client should be mindful of any domain name transfer requests it receives
      without prior knowledge of the transfer.
      c. Authorization codes - These are security codes consisting of letters and
      numbers that can be acquired from the transferor’s registrar account. The codes
      are needed for many domain name endings when one such domain name
      registration is transferred to another registrar. The gaining party will normally
      need the auth code to initiate the transfer process. Only disclose a domain name
      auth code to a party scheduled to receive the domain name through a transfer.

      d. Contact email addresses - It is important in any domain name registration
      transfer that the registrant and administrative contact email address(es) are active
      so that any transfer request sent to those addresses can be read and responded to
      in a timely manner. Keep these addresses active so that any fraudulent requests
      by email can be monitored.

3. Domain Name Tasting.

      a. A practice where a domain name is registered for the purpose of evaluating
      its value, especially in connection with click-through revenue, during
      the five (5) day add-grace period for domain name registration. During the initial
      add-grace period, a domain name registration can be “returned” for refund, so if
      the domain name does not perform well during the five day period, it is often

      b. Typosquatting variations on trademarks are common targets of domain name

      c. Domain Name Kiting – Simply an extension on domain name tasting where
      the taster engages in a repeated pattern of registering, dropping before the end of
      the add-grace period, and reregistering the same domain name with the intent of
      never having to pay the registration fee.

      d. Tips For Combating: (1) check the registration date; (2) monitor; (3) if
      dropped, register; (4) careful of back-order usage; (5) avoid entering site if
      possible, and especially avoid clicking on links during add-grace period.

4. Domain Name Spying.

      a. A practice where a person views or spies on another party’s
      whois/ownership searches for available domain name registrations.

      b. But why? So that if the domain names are not registered immediately, the spy
      will register them believing that they may have some current or future value.
      Thereafter, the spy may “taste” them and use them for click-through revenue.

      c. Tips For Combating: (1) register before searching; (2) if searching is needed,
      use a reputable registrar.
5. Domain Name Slamming.

      a. A process where a competing registrar or other domain name
      registration entity sends out official looking “renewal notification”
      notices to domain name owners.

      b. The hope is that the domain name owners will respond unknowingly to the
      notices and give their domain name business to the sending / competing registrar
      or entity.

      c. Many times, the notices are made to look very official as if coming from a
      governmental agency.

      d. The domain name holder, who may be unfamiliar with its true registrar or the
      domain name renewal process, will believe that the notice must be responded to
      within a certain period of time. By responding and paying the requested fee, the
      domain name owner is actually authorizing the transfer of the domain name to the
      sending /new registrar --- something the domain name owner probably did
      not want to happen.

6. The Domain Name and Keyword Availability Scam.

      a. A practice where an entity sends an email to a brand owner and
      informs it that some other third party is about to register a
      number of domain names and internet keywords containing the brand owner’s
      mark(s). The brand owner is then given the opportunity to block the registrations
      -- by having the domain names and keywords registered with the sending entity.

      b. While the text of these messages differ slightly each time and use different
      names and contact details, here is one general example that has been edited for
      this use:

             Subject: [brand] ---- Intellectual property rights (TO CEO)

             Dear CEO,

             We are the domain name registration organization in Asia, which
             mainly deal with international company's domain name in Asia. We have
             something important need to confirm with your company.

             On the ___________, we received an application formally. One company
             named "______________" wanted to register through our body. After our
             initial examination, we found that the keywords and domain names
             applied for registration are as same as your company's name and
             trademark. Now we want to confirm if _________ company is consigned
               by you. If so, we will finish their registration. If you do not know this
               company, we doubt that they have other aims to buy these domain names.
               If you want to protect your domains, we will send you a dispute
               application form. In order to deal with this issue better, Please
               contact us by telephone or email as soon as possible.

               Following are the domains _____ company applied to our organization.

               Domain name:

               Internet brand keyword:

               Best regards,

       c. It is the hope of the sender that the brand owner will be concerned enough over
       the “potential” registrations that the brand owner will authorize the sender to
       prevent or block the registrations – which is nothing more than the sender getting
       the brand owner’s registration business.

       d. Some things to consider: (1) avoid responding to these messages; (2) there is
       a good chance that the listed domain names and keywords are still available, so if
       they are of interest to the client, register them through your client’s reputable

       e. Updated versions of this scam --- no domain names listed. What then?

       f. Telephone versions of this problem.

7. Phishing.

       a. The practice where some entity sends out spam email or pop-up messages
       falsely claiming to be from a legitimate business or organization, perhaps even
       one your client has a relationship with, such as a bank, ISP, or a governmental
       b. The purpose of phishing is to trick the recipient into revealing personally
       identifiable information or other financial information to the sending entity. The
       sending entity then hopes to use the information for fraud and identity theft

       c. The email or message may look very official and include the legitimate
       company’s trademarks and logos. The sending entity’s email address (spoofed
       email) may look as if it came from the legitimate company by incorporating the
       legitimate company’s mark as part of the address.

       d. The message may include a link where the URL looks nearly identical to that
       of the legitimate company’s URL. If the link is clicked, it may take the recipient
       to a website that looks nearly identical to the legitimate company’s website. It is
       likely that at this site, the scam sender will attempt to collect its information from
       the victim.

       e. Be mindful. It is very unlikely that the client’s legitimate company contacts
       would request any type of sensitive information by email.

       f. vishing scam– A spin on phishing where the scam email indicates that some
       account (credit card, bank, eBay, PayPal) has been suspended and that the
       recipient needs to act asap. Once again, a fraudulent attempt at collecting
       personally identifiable information.

8. Pharming. The process where a site’s traffic is redirected to a fake site, usually
unknown to the user, with the common purpose of conducting a phishing scam or for
other identity theft purposes.

9. Employment Fraud Scams.

       a. The practice where an entity reviews job posting sites and other information
       and then sends fraudulent messages to job seekers holding itself out as being
       affiliated with a legitimate company. The job seeker then is scammed into
       revealing personally identifiable information as part of an “application process” or
       is lured to a job unrelated to the legitimate company.

       b. The scam message will likely include many uses of the legitimate company’s
       brands, including in the email address.

10. Auction Scam Issues.

       a. Fake or counterfeit good being sold.

       b. Theft of credit card information.

       c. Phishing emails for fake auctions.
           d. Overpayment check scams.

           e. Use legitimate sites and safeguards.

    11. Bogus Humanitarian Emails And Sites.

           a. These spam emails tend to get heavy in volume soon after publicized

           b. The messages will request that donations be made to fake organizations --- and
           at times, the senders may hold themselves out as being related to legitimate
           humanitarian organizations.

    12. Domain Name Appraisal Scam.

           a. Recipient receives a message from someone interested in purchasing the
           recipient’s domain name. Once a price is agreed to, the buyer asks that the
           domain name be appraised – yet the buyer is actually associated with the
           suggested appraisal company and is simply seeking that business. A similar twist
           includes a trademark verification.

    13. Search Engine Keyword Purchasing (not really a scam, but can confuse clients)

           a. Certain search engines allow users to purchase terms, including the trademarks
           of others, as keywords so that when such terms are searched on the respective
           search engine, the user’s advertisement and link will appear in a prominent
           position on the search engine result page.

           b. The legal issues involved are far from settled.


    1. Economic Stimulus Payment Scams.

           a. According to the IRS.GOV site, at least two new scams have recently surfaced:
           (1) people receiving calls from callers impersonating the IRS during which the
           caller asks the taxpayer for his/her social security number and bank account
           numbers to complete the payment; and (2) people receiving emails appearing to
           come from the IRS wherein it asks for bank account information for direct
           deposit of the refunds.

    2. “Nigerian” Money Offer (419) Scams.

           a. Emails that claim to be from some wealthy business person or government
           official wherein these individuals ask for assistance with getting money moved
           out of foreign accounts (perhaps because of some government conflict) in
           exchange for the recipient keeping a large percentage.

           b. Inheritance variations are also common.

    3. Foreign Lotteries. Scam solicitations to buy foreign lottery tickets. Not a good idea.

    4. Work At Home / Turn Computer Into A Money Making Machine. The software
    required to do the “job” will many times contain malware, spyware or spam generating

    5. Fraudulent Grand Jury Summons.

           a. The messages look authentic. They may contain references to the court,
           case and jurisdiction.

           b. The recipient is directed to click on a link to download forms --- which usually
           contains malware.

    6. Pyramid Schemes. Still in existence and have found new life with the internet.

    7. Overpayment Scam.

           a. The seller has a product for sale.

           b. A potential buyer agrees to pay for more than the asking price so as to cover
           shipping and handling. Any difference is to be wired back to the buyer.

           c. Seller receives a check or money order, ships product, and wires back

           d. Check or money order later bounces or is a fake.


    1. Encourage the client to consult with counsel when it has any concerns. If it smells
    bad, it usually is bad.

    2. Visit government sites such as the FBI, SEC, IRS and FTC for updated information on
    the latest frauds and scams.

    3. Use foreign counsel when needed. If the issue has an international element, seek legal
    assistance from that jurisdiction.
4. Have the client keep its customers educated. Customers can lose faith in the client if
the customers are victimized. Have the client encourage its customers to report fraudulent
activities involving the client’s names and marks.

5. Have the client keep its security software up to date.

6. Police the client’s brands on the internet for misuse and abuse including, but not
limited to, domain names, web content, search engine sponsored advertisements,
auctions, blogs, and chat rooms.

7. Form a client response team – IT, management, privacy, legal.

8. Explore web site take down options when appropriate.

9. Be mindful of social networking sites such as Facebook and MySpace and how these
issues can manifest in those areas.

10. Be mindful of virtual world sites such as SecondLife and how these issues can
manifest in those areas.

11. Contact local, state and federal law enforcement when needed.


To top