Cybersquatting, Frauds, and Scams on the Internet

ALI-ABA / Hot Topics in Internet Law for Business Lawyers: Don’t Get Caught in the ‘Net!
June 3, 2008

by: Richard E. Peirce
Eckert Seamans Cherin & Mellott, LLC
Two Liberty Place
50 South 16th Street / 22nd Floor
Philadelphia, PA 19102
Phone: (215) 851-8389
Email: email@example.com

A. SOME INTERNET AND DOMAIN NAME BASICS

1. The Domain Name System And ICANN.
a. The domain name system. Every computer on the Internet has an IP Address which consists of a string of numbers. Instead of having to remember numbers, the DNS allows letters to be used—hence, the domain name.
b. ICANN. The Internet Corporation for Assigned Names and Numbers, or ICANN, is a nonprofit corporation which is responsible for a number of things in connection with the technical operation of the Internet (IP address space allocation, the gTLD and ccTLD domain name system, to name a few). See, www.icann.org.

2. Defining A Domain Name.
a. A domain name is the “telephone number” of the Internet. Just like telephone numbers are used to reach people, domain names are used to reach web content.
b. Parts of a domain name. If the domain name is beverages.peircebev.com, the “com” is the top-level domain name, the “peircebev” is the second-level domain, and the “beverages” (to the extent it exists in a specific domain name) is the third-level domain. There can be additional levels beyond the third-level domain. Third level or higher domains are commonly known as sub-domains. If the domain name is peircebev.com/beverages, the “beverages” portion is commonly known as a subpage or sub-directory.
c. Ownership. Similar to other types of intellectual property, a domain name registration is “owned” by its registrant (the common term used to describe the owner of a domain name registration). The registration can be transferred, sold, and licensed.
d. Domain names and trademarks.
i. Domain names are not trademarks. However, domain names can be protected as trademarks if they are used as source indicators. (For example: eHarmony.com.) If a domain name is simply used as a domain name in its technical sense, and nothing more, then it is not functioning as a source indicator, and hence, not a trademark. See, Trademark Manual of Examining Procedure §§1209.03(m) and 1215 for additional information concerning registering marks that consist of domain names with the U.S. Patent and Trademark Office.
ii. Abandonment. Unlike a trademark, rights in a domain name will normally not be lost as a result of non-use. This important difference allows preventive registrations to fight off cybersquatters.

3. Domain Names And Websites.
a. Servers. A server is, in essence, a computer that houses web content available on the Internet.
b. If a party wants a specific domain name to point to specific web content, there are generally two things that must be done. First, the domain name, through the registrar account, must be configured to point to a specific server. Second, the server must be configured to “accept” the domain name.
c. Multiple domain names and one website. Similar to the process described above, multiple domain names can be configured to point to the same web content. This is especially important to in-house legal departments when preventing and/or pursuing cybersquatters. Any additional domain names acquired can be configured to point to the same web content as the client’s main domain name. For example, peircebev.com, peircebev-drink.com, and peircebevphilly.com can all be configured to point to the same web content.
d. Auto-forwarding. Certain registrars offer the option, usually at an added cost, to auto-forward domain names to other domain names. In essence, only one domain name needs to point to the desired web content.
Other domain names are then “auto-forwarded” to the one domain name, thereby giving the impression that the other domain names are configured to point to the web content. There are dangers with using this option, including loss of control of the original domain name.

4. Domain Name Expiration Cycle.
a. When a domain name registration is close to expiring, the registrar of record will normally send notices to the administrative contact email address(es) in the whois. The expiration date for a domain name registration can normally be found in the whois record.
b. A typical domain name expiration cycle:
i. The domain name is registered for 1-10 years.
ii. If the domain name registration is not renewed before the expiration date, then it expires. At this point, the domain name does not yet become available for registration by others.
iii. Once the domain name registration expires, the registrar (the entity that “sells” domain name registrations) will usually hold the domain name registration for a period of time after the expiration date has passed, which can typically run between one (1) and 45 days (and even longer). During this period, the domain name registration can still be renewed by the registrant through the registrar.
iv. Redemption Grace Period. If the registrant does not renew the domain name registration during the registrar hold period referenced above, the domain name registration will be “released” to the registry (the entity that administers a certain domain name ending). The registry will hold the domain name registration for a 30-day Redemption Grace Period. During this 30-day period, the domain name registration can still be renewed by the registrant, but now only through the registry and at a higher cost.
v. Five Day Registry Hold And Deletion. Once the 30-day Redemption Grace Period has ended (and the registrant has not renewed the registration), the domain name is put on hold for five days and then released to the public for registration.
c. Back-Order Services. If you have a client who is interested in a certain domain name that is already registered, you can place a “back-order” on the domain name with the hope that if the registration expires and is released to the public, the back-order company can acquire the domain name before it is registered by some other entity.

5. Types Of Domain Names.
a. There are generally two main types of domain names – Generic Top Level Domain Names and Country Code Top Level Domain Names.
b. Generic Top Level Domain Names. These include .com, .net, .org, .biz, .info and other lesser known ones.
c. Many of these top level domain names have restrictions on who can register them and/or how they can be used. Information on restrictions related to the generic top level domain names can be found at www.iana.org.
d. Country Code Top Level Domain Names. These specific domain name extensions are assigned to specific countries. (For example: .CA, .UK, .DE, .US are just a few.) Registration restrictions may apply depending on the specific domain name extension. Many of the ccTLD domain names do not have any restrictions, and some have been marketed beyond their specific country to a worldwide audience. More information on country code top level domain names can be found at www.iana.org.

6. Whois Data And Domain Name Ownership Issues.
a. The whois tool provides limited ownership information on the registrant/owner of a domain name registration. Whois information can be accessed through a number of different websites. Typically, the whois information will include contact information such as name, physical address and email address.
b. Reliability Of Information. There are many times when a registrant does not provide accurate whois information when a domain name is registered. False whois information can be an issue in domain name arbitrations and litigation.
c. Private Registrations.
The use by registrants of private registration services to hide their identities has become a very hot issue in the domain name world. The hidden registration services, which are many times offered by registrars, allow a registrant to hide its identity in the whois information. Many times, the whois listing will display contact information related to the registrar. One popular hidden registration service called Domains By Proxy is offered by GoDaddy.com.
d. Reversewhois. This is a tool offered by some online brand monitoring companies that allows you to search domain name registrations by owner or other whois contact information.
e. Incomplete whois data. At times, you will encounter whois data that looks incomplete. If that happens, you should try using the whois service offered by the registrar of record.

B. COMMON SCAMS AND FRAUDS INVOLVING CLIENT NAMES AND MARKS

1. Cybersquatting.
a. It is generally defined as registering and using a domain name that is identical or confusingly similar to another party’s trademark with the bad faith intent to divert internet traffic from the mark owner, offer the domain name back to the mark owner for a price higher than the registration cost, and/or disrupt the mark owner’s business.
b. Common web content at issue: competing goods and services, error page sites, pornographic sites, sponsored link sites, fraud and counterfeiting sites.
c. Domain name variations to consider:
i. Plurals and hyphens (peircebevs, peircebeving, peirce-bev).
ii. Business designations (peircebevcorp, peircebevinc, peircebevco, peircebevllc).
iii. Product designations and characteristics (peircebevdrink, peircebevpop, peircebevcola, peircebevorange, peircebevsoda, peircebevthirst, peircebevdiet).
iv. Geographic designations (peircebevamerica, peircebeveurope, peircebev123, peircebevphilly, peircebevjersey, peircebevusa).
v. Typosquatting and phonetics (peircebevcom, wwwpeircebev, pearsebev).
vi. Negatives and positives (peircebevsucks, peircebevstinks, peircebevlawsuits, peircebevlawyers, peircebevproblems, ihatepeircebev, ilove-peircebev).
vii. Miscellaneous (mypeircebev, ourpeircebev, drinkapeircebev, peircebevforum, peircebevchat, peircebevblog, peircebevgroup, peircebevdiscussion, peirce-bevmeeting, peircebevclub, peircebev1).
d. Section 1125(d) of the Lanham Act (Anticybersquatting Consumer Protection Act) provides a federal cause of action for cybersquatting. The Uniform Domain Name Dispute Resolution Policy (http://www.icann.org/dndr/udrp/policy.htm) provides an arbitration-like procedure for cybersquatting disputes involving certain types of domain names. Certain ccTLD domain names have their own domain name arbitration procedures as well.
e. While the ACPA and UDRP are very similar, they do have some differences. For example, when defining cybersquatting, the ACPA uses “registers, traffics in, or uses a domain name that …”, while the UDRP defines it as a domain name that “has been registered and is being used in bad faith.”
f. How expansive is the bad faith definition?
g. Defenses – How far does the fair use defense stretch? What is legitimate use?
h. Cybersquatting dispute strategy – Hidden registration details, cease/desist letter issues, settlement and domain name registration transfers, and arbitration/litigation (which one to pick?)

2. Fraudulent Domain Name Transfers.
a. Be sure the client’s domain names are on locked status within the respective registrar account.
b. Typically, transfer requests originate from the gaining registrar. As such, the client should be mindful of any domain name transfer requests it receives without prior knowledge of the transfer.
c. Authorization codes - These are security codes consisting of letters and numbers that can be acquired from the transferor’s registrar account. The codes are needed for many domain name endings when one such domain name registration is transferred to another registrar.
The gaining party will normally need the auth code to initiate the transfer process. Only disclose a domain name auth code to a party scheduled to receive the domain name through a transfer.
d. Contact email addresses - It is important in any domain name registration transfer that the registrant and administrative contact email address(es) are active so that any transfer request sent to those addresses can be read and responded to in a timely manner. Keep these addresses active so that any fraudulent requests by email can be monitored.

3. Domain Name Tasting.
a. A practice where a domain name is registered for the purpose of evaluating its value, especially in connection with click-through revenue, during the five (5) day add-grace period for domain name registration. During the initial add-grace period, a domain name registration can be “returned” for refund, so if the domain name does not perform well during the five day period, it is often returned.
b. Typosquatting variations on trademarks are common targets of domain name tasters.
c. Domain Name Kiting – Simply an extension on domain name tasting where the taster engages in a repeated pattern of registering, dropping before the end of the add-grace period, and reregistering the same domain name with the intent of never having to pay the registration fee.
d. Tips For Combating: (1) check the registration date; (2) monitor; (3) if dropped, register; (4) careful of back-order usage; (5) avoid entering site if possible, and especially avoid clicking on links during add-grace period.

4. Domain Name Spying.
a. A practice where a person views or spies on another party’s whois/ownership searches for available domain name registrations.
b. But why? So that if the domain names are not registered immediately, the spy will register them believing that they may have some current or future value. Thereafter, the spy may “taste” them and use them for click-through revenue.
c. Tips For Combating: (1) register before searching; (2) if searching is needed, use a reputable registrar.

5. Domain Name Slamming.
a. A process where a competing registrar or other domain name registration entity sends out official looking “renewal notification” notices to domain name owners.
b. The hope is that the domain name owners will respond unknowingly to the notices and give their domain name business to the sending / competing registrar or entity.
c. Many times, the notices are made to look very official as if coming from a governmental agency.
d. The domain name holder, who may be unfamiliar with its true registrar or the domain name renewal process, will believe that the notice must be responded to within a certain period of time. By responding and paying the requested fee, the domain name owner is actually authorizing the transfer of the domain name to the sending / new registrar --- something the domain name owner probably did not want to happen.

6. The Domain Name and Keyword Availability Scam.
a. A practice where an entity sends an email to a brand owner and informs it that some other third party is about to register a number of domain names and internet keywords containing the brand owner’s mark(s). The brand owner is then given the opportunity to block the registrations -- by having the domain names and keywords registered with the sending entity.
b. While the text of these messages differs slightly each time and uses different names and contact details, here is one general example that has been edited for this use:

Subject: [brand] ---- Intellectual property rights (TO CEO)

Dear CEO,

We are the domain name registration organization in Asia, which mainly deal with international company's domain name in Asia. We have something important need to confirm with your company. On the ___________, we received an application formally. One company named "______________" wanted to register through our body. After our initial examination, we found that the keywords and domain names applied for registration are as same as your company's name and trademark. Now we want to confirm if _________ company is consigned by you. If so, we will finish their registration. If you do not know this company, we doubt that they have other aims to buy these domain names. If you want to protect your domains, we will send you a dispute application form. In order to deal with this issue better, Please contact us by telephone or email as soon as possible. Following are the domains _____ company applied to our organization.

Domain name:
________.biz
_________.cc
_________.com.hk
________.com.tw
_________.hk
_________.asia
________.tw

Internet brand keyword:
---------
__________________________

Best regards,
-------------

c. It is the hope of the sender that the brand owner will be concerned enough over the “potential” registrations that the brand owner will authorize the sender to prevent or block the registrations – which is nothing more than the sender getting the brand owner’s registration business.
d. Some things to consider: (1) avoid responding to these messages; (2) there is a good chance that the listed domain names and keywords are still available, so if they are of interest to the client, register them through your client’s reputable registrar.
e. Updated versions of this scam --- no domain names listed. What then?
f. Telephone versions of this problem.

7. Phishing.
a. The practice where some entity sends out spam email or pop-up messages falsely claiming to be from a legitimate business or organization, perhaps even one your client has a relationship with, such as a bank, ISP, or a governmental agency.
b. The purpose of phishing is to trick the recipient into revealing personally identifiable information or other financial information to the sending entity. The sending entity then hopes to use the information for fraud and identity theft purposes.
c. The email or message may look very official and include the legitimate company’s trademarks and logos. The sending entity’s email address (spoofed email) may look as if it came from the legitimate company by incorporating the legitimate company’s mark as part of the address.
d. The message may include a link where the URL looks nearly identical to that of the legitimate company’s URL. If the link is clicked, it may take the recipient to a website that looks nearly identical to the legitimate company’s website. It is likely that at this site, the scam sender will attempt to collect its information from the victim.
e. Be mindful. It is very unlikely that the client’s legitimate company contacts would request any type of sensitive information by email.
f. Vishing scam – A spin on phishing where the scam email indicates that some account (credit card, bank, eBay, PayPal) has been suspended and that the recipient needs to act asap. Once again, a fraudulent attempt at collecting personally identifiable information.

8. Pharming. The process where a site’s traffic is redirected to a fake site, usually unknown to the user, with the common purpose of conducting a phishing scam or for other identity theft purposes.

9. Employment Fraud Scams.
a. The practice where an entity reviews job posting sites and other information and then sends fraudulent messages to job seekers holding itself out as being affiliated with a legitimate company. The job seeker then is scammed into revealing personally identifiable information as part of an “application process” or is lured to a job unrelated to the legitimate company.
b. The scam message will likely include many uses of the legitimate company’s brands, including in the email address.

10. Auction Scam Issues.
a. Fake or counterfeit goods being sold.
b. Theft of credit card information.
c. Phishing emails for fake auctions.
d. Overpayment check scams.
e. Use legitimate sites and safeguards.

11. Bogus Humanitarian Emails And Sites.
a. These spam emails tend to get heavy in volume soon after publicized disasters.
b. The messages will request that donations be made to fake organizations --- and at times, the senders may hold themselves out as being related to legitimate humanitarian organizations.

12. Domain Name Appraisal Scam.
a. Recipient receives a message from someone interested in purchasing the recipient’s domain name. Once a price is agreed to, the buyer asks that the domain name be appraised – yet the buyer is actually associated with the suggested appraisal company and is simply seeking that business. A similar twist includes a trademark verification.

13. Search Engine Keyword Purchasing (not really a scam, but can confuse clients)
a. Certain search engines allow users to purchase terms, including the trademarks of others, as keywords so that when such terms are searched on the respective search engine, the user’s advertisement and link will appear in a prominent position on the search engine result page.
b. The legal issues involved are far from settled.

C. OTHER POPULAR TYPES OF INTERNET CONCERNS, SCAMS AND FRAUDS

1. Economic Stimulus Payment Scams.
a. According to the IRS.GOV site, at least two new scams have recently surfaced: (1) people receiving calls from callers impersonating the IRS during which the caller asks the taxpayer for his/her social security number and bank account numbers to complete the payment; and (2) people receiving emails appearing to come from the IRS wherein it asks for bank account information for direct deposit of the refunds.

2. “Nigerian” Money Offer (419) Scams.
a. Emails that claim to be from some wealthy business person or government official wherein these individuals ask for assistance with getting money moved out of foreign accounts (perhaps because of some government conflict) in exchange for the recipient keeping a large percentage.
b. Inheritance variations are also common.

3. Foreign Lotteries. Scam solicitations to buy foreign lottery tickets.
Not a good idea.

4. Work At Home / Turn Computer Into A Money Making Machine. The software required to do the “job” will many times contain malware, spyware or spam generating software.

5. Fraudulent Grand Jury Summons.
a. The messages look authentic. They may contain references to the court, case and jurisdiction.
b. The recipient is directed to click on a link to download forms --- which usually contains malware.

6. Pyramid Schemes. Still in existence and have found new life with the internet.

7. Overpayment Scam.
a. The seller has a product for sale.
b. A potential buyer agrees to pay more than the asking price so as to cover shipping and handling. Any difference is to be wired back to the buyer.
c. Seller receives a check or money order, ships product, and wires back difference.
d. Check or money order later bounces or is a fake.

D. ADDITIONAL SUGGESTIONS FOR COMBATING FRAUD AND SCAMS ON THE INTERNET

1. Encourage the client to consult with counsel when it has any concerns. If it smells bad, it usually is bad.
2. Visit government sites such as the FBI, SEC, IRS and FTC for updated information on the latest frauds and scams.
3. Use foreign counsel when needed. If the issue has an international element, seek legal assistance from that jurisdiction.
4. Have the client keep its customers educated. Customers can lose faith in the client if the customers are victimized. Have the client encourage its customers to report fraudulent activities involving the client’s names and marks.
5. Have the client keep its security software up to date.
6. Police the client’s brands on the internet for misuse and abuse including, but not limited to, domain names, web content, search engine sponsored advertisements, auctions, blogs, and chat rooms.
7. Form a client response team – IT, management, privacy, legal.
8. Explore web site take down options when appropriate.
9. Be mindful of social networking sites such as Facebook and MySpace and how these issues can manifest in those areas.
10. Be mindful of virtual world sites such as SecondLife and how these issues can manifest in those areas.
11. Contact local, state and federal law enforcement when needed.
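
Added example (not part of the original outline): one way to automate the brand policing suggested in D.6, using the variation types listed in B.1.c and the "check the registration date" tip in B.3.d. It sorts observed domain names into the outline's categories and flags registrations still inside the five-day add-grace period; the sample observations, the edit-distance threshold and the rule that the leftmost label is the registered name are assumptions.

```python
from datetime import date

BRAND = "peircebev"             # the outline's example mark
ADD_GRACE_DAYS = 5              # add-grace period length given in B.3
MAX_TYPO_DISTANCE = 2           # assumed threshold; tune to the mark's length
SAMPLE_TODAY = date(2008, 6, 3)

# Affixes copied from the outline's own examples in B.1.c.
AFFIXES = {
    "plural or hyphen": {"s", "ing"},
    "business designation": {"corp", "inc", "co", "llc"},
    "product designation": {"drink", "pop", "cola", "orange", "soda", "thirst", "diet"},
    "geographic designation": {"america", "europe", "philly", "jersey", "usa", "123"},
    "typosquatting or phonetic": {"www", "com"},
    "negative or positive": {"sucks", "stinks", "lawsuits", "lawyers", "problems",
                             "ihate", "ilove"},
    "miscellaneous": {"my", "our", "drinka", "forum", "chat", "blog", "group",
                      "discussion", "meeting", "club", "1"},
}

# Constructed observations: (domain name, registration date read from whois).
SAMPLE = [
    ("peirce-bev.com", date(2008, 5, 30)),
    ("peircebevcola.net", date(2008, 1, 15)),
    ("pearsebev.com", date(2008, 6, 1)),
    ("ihatepeircebev.org", date(2007, 11, 2)),
    ("peircebev.com.hk", date(2008, 6, 2)),
    ("example.org", date(2008, 6, 2)),
]


def edit_distance(a, b):
    """Levenshtein distance, used to catch misspellings such as pearsebev."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, brand=BRAND):
    """Return the B.1.c variation type for a domain, or None if unrelated."""
    label = domain.lower().split(".")[0]   # assumption: leftmost label is the registered name
    squashed = label.replace("-", "")
    if squashed == brand:
        return "plural or hyphen" if "-" in label else "exact match"
    if brand in squashed:
        prefix, _, suffix = squashed.partition(brand)
        for category, words in AFFIXES.items():
            if prefix in words or suffix in words:
                return category
        return "other use of the mark"
    if edit_distance(squashed, brand) <= MAX_TYPO_DISTANCE:
        return "typosquatting or phonetic"
    return None


def triage(observations, today, brand=BRAND):
    """List brand-related domains with their category and add-grace status."""
    findings = []
    for domain, registered in observations:
        category = classify(domain, brand)
        if category is not None:
            age = (today - registered).days
            findings.append({"domain": domain, "category": category,
                             "in_add_grace": 0 <= age <= ADD_GRACE_DAYS})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE, SAMPLE_TODAY):
        print(finding)
```

A domain flagged `in_add_grace` may still be returned for refund by a taster, so it is worth re-checking after the period ends before deciding whether to register it or pursue the registrant.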