Keeping Up with Online Brand and Other Related Scams and Frauds

We all know that the Internet offers new ways to do old things.

We can work more efficiently, conduct financial business, enjoy recreational reading, socialize and perform a host of other tasks ' all online ' much faster and more easily than ever before.

Yet, the Internet has also provided an almost unguarded playground to allow thieves and other criminals to develop and unleash sophisticated scams and frauds on unsuspecting users.

This conduct shows up in the almost unlimited amount of Internet scams and frauds active at any point, yet because of the nature of the Internet, it is almost impossible for a small business, consumer or e-commerce attorney to stay up-to-date. That's because the scammer's arsenal is almost without limitation. He or she may use a well-known brand or logo to lure users into an identity-theft trap. He or she may attempt to play off of a recent disaster in an effort to trick users into making a donation to a fraudulent entity disguised as a legitimate relief organization.

Regardless of the tactics or motives, businesses and consumers should always be mindful that scams and frauds can appear in almost any place on the Internet ' from e-mail to social-networking sites.

While it is nearly impossible to address and identify all the scams and frauds that may be active at any one time, the list below provides an overview of some of the more common flimflams infecting the Internet.

e-Commerce attorneys may learn from this article not only how to recognize these scams and frauds, but also be able to recognize the characteristics of one so that he or she will be better equipped to identify other scams and frauds today and tomorrow ' and be prepared to advise clients.

Common Scams and Frauds
Involving Brands

By using a well-known brand in the scam or fraud, the scammer is able to take advantage of the good will and reputation a company has developed in that specific brand. With the amount of brand bombardment that occurs in marketing today, use of a brand for fraud makes the perfect bait. (For a look at online brand-protection and how to address counterfeit product being sold through e-commerce, see, “Safeguarding Brands.”)

Cybersquatting

This is the bad-faith registration and use of a domain name that is identical or confusingly similar to another party's trademark. Bad faith, while not limited to a specific behavior, commonly is done with the intent to divert Internet traffic from the mark owner, offer the domain name back to the mark owner for a price higher than the registration cost or disrupt the mark owner's business. ' or a combination of these rip-offs.

While use of the domain name may vary, many times it is used for phishing schemes or to resolve to Web content for competing goods and services, pornography, sponsored advertising links, counterfeit products or various assortments of packages of these.

The targeted domain names go well beyond just those that are identical to the brand. For example, suppose my hypothetical company is named PeirceBev and I sell sports drinks. Some of the variations on my brand that are likely to be sought after by cybersquatters may include:

• Plurals and hyphens ( peircebevs, peircebeving, peircebev);
• Business designations ( peircebevcorp, peircebevinc, peircebevco, peircebevllc);
• Product designations and characteristics ( peircebevdrink, peirce bevpop, peircebevcola, peircebevorange, peircebevsoda, peirce- bevthirst, peircebevdiet);
• Geographic designations ( peirce bevamerica, peircebeveurope, peircebev123, peircebevphilly, peircebevjersey, peircebevusa);
• Typosquatting and phonetics ( peircebevcom, wwwpeircebev, pearsebev);
• Negatives and positives ( peircebevsucks, peircebevstinks, peircebevlawsuits, peircebevlawyers, peircebevproblems, ihatepeircebev, ilovepeircebev); and
• Other variations ( mypeircebev, ourpeircebev, drink-apeircebev, peircebevforum, peircebevchat, peircebevblog, peircebevgroup, peircebevdiscussion, peircebevmeeting, peircebevclub, peircebev1).

Fraudulent Domain Name Transfers

In this scenario, a scammer attempts to trick a domain-name owner into transferring its domain name to the scammer. While the technique may vary, a common approach is to send a deceptive e-mail notice to the domain-name owner with the hope that the owner will approve the fraudulent transfer request.

A close variation on this scam is what is called domain-name slamming. It is the process in which a competing registrar or other domain-name registration entity sends out an official looking “renewal notification” notice to a domain-name owner. The sender's hope is that the domain-name owner will believe that the notice is official (perhaps coming from the owner's registrar or a governmental agency), respond as requested in the notice and, as a result, have its domain names
unknowingly transferred to the sender's maintenance system.

Domain Name Tasting

Here, a domain name is registered for the purpose of judging its value, especially in connection with click-through advertising revenue, during the five-day add-grace period for domain-name registration. If the domain name does not “perform” well during the five-day period, it is often returned for a refund. Many times, the domain names being registered through this practice consist of common misspellings (typosquatting) of brand names and marks.

Domain Name Kiting

In this scheme, the domain name taster engages in a pattern of registering, dropping before the end of the add-grace period and re-registering the same domain name with the intent of never having to pay the registration fee.

Domain Name Spying

This is when a person views or spies on another party's domain name whois/ownership searches to see what domain names are being considered for registration. The purpose is that if the domain names are not registered immediately, the spy will register them, believing that they may have some current or future value. Thereafter, the spy may “taste” and use them for click-through revenue or attempt to auction them.

Domain Name and
Keyword Availability Scam

This involves an entity sending a brand owner an e-mail and “informing” the owner that some other third party is about to register a number of domain names and Internet keywords containing the brand owner's mark(s). The brand owner then has the opportunity to block the registrations by having the domain names and keywords registered with the sending entity. The sender hopes, of course, that the brand owner will be concerned enough over the “potential” registrations to authorize the sender to prevent or block the registrations ' which is nothing more than the sender obtaining the brand owner's registration business through deception.

Phishing

Many people have seen this and been amply warned about it, yet it seems ubiquitous. An entity sends out an e-mail or pop-up message falsely claiming to be from a legitimate business or organization, perhaps even one that is familiar to the recipient, such as a bank, ISP or government agency. The purpose of the phishing attack is to trick the recipient into revealing personally identifiable information, access codes or other financial information. The e-mail or message may look very official and include the legitimate company's trademarks and logos. The sending entity's e-mail address (spoofed e-mail) may look as if it came from the legitimate company by incorporating the legitimate company's mark as part of the address. The message may include a link where the URL looks nearly identical to that of the legitimate company's URL. If the link is clicked, it may take the recipient to a Web site that looks nearly identical to the legitimate company's Web site. It is likely that at this site, the scam sender will attempt to collect information from the victim. (For more on personal data protection, see, “It Came from the State Legislature: As Federal Data-Protection Legislation Stalls, States Fill the Gap Congress Has Left,” in the March edition of e-Commerce Law & Strategy.)

A vishing scam is a variation on phishing where the scam e-mail states that some account (credit card, bank, eBay, PayPal, for example) has been suspended and that the recipient must act quickly to resolve the issue. Again, the goal of the sender is to gain access to sensitive information like account passwords and credit-card numbers. For example, it was reported recently that vishing e-mails were sent out seeking Google Calendar login information from recipients.

Pharming

This is when a site's traffic is redirected to a fake site, usually unknown to the user, with the common purpose of conducting a phishing scam or for other identity-theft purposes. These can be some of the most deceptive scams online because it may be difficult to know whether or not the site is legitimate, especially if the DNS has been compromised in some manner. (“DNS” is an abbreviation for domain-name system; sometimes the S stands for service or server. This is an application that recasts domain names as IP addresses, which are then used in the scam.)

Employment Fraud Scams

An entity reviews job-posting sites and sends fraudulent messages to job-seekers, holding itself out as being affiliated with a legitimate company. The job-seeker then is scammed into revealing personally identifiable information as part of the application process, or is lured to a job unrelated to the legitimate company. The scam message will likely include many uses of the legitimate company's brands, including in the e-mail address. The scammer may also post a fraudulent job on a job-listing site with the same intent.

Auction Scam Issues

There are many different types of scams and frauds that occur in connection with auction sites, such as the sale of fake or counterfeit goods, theft of credit-card information and the use of phishing e-mails for fake auctions.

Bogus Humanitarian
e-Mails and Sites

In these sting operations, fraudulent e-mails and sites are used in an effort to trick users into making donations to a fake entity masquerading as being related to a legitimate humanitarian organization. These types of scams usually increase in volume around well-publicized disasters and can cause great damage to a legitimate organization's efforts to get donations.

Misuse of Search Engine
Keyword Purchasing

Certain search engines allow users to purchase terms, including the trademarks of others, as key words so that when such terms are searched for on the respective search engine, the user's advertisement and link will appear in a prominent position on the search-engine result page. Many times, the advertiser misuses a trademark or name in the text of the advertisement, or on the resulting site in an effort to create a likelihood of confusion as to the source, sponsorship or affiliation of the advertiser's goods or services, or both.

Other Internet Concerns, Scams and Frauds

Economic Stimulus Payment Scams

According to the IRS, at least two new scams have surfaced:

1. Taxpayers receiving calls from individuals impersonating the IRS during which the caller asks the taxpayer for his or her Social Security and bank-account numbers to complete the payment; and
2. Taxpayers receiving e-mails appearing to come from the IRS that ask for bank-account information for direct deposit of the refunds.

'Nigerian' Money Offer (419) Scams

e-Mails claiming to be from some wealthy business person or government official in which these phonies ask for assistance with getting money moved out of foreign accounts (perhaps because of some government conflict or a death), in exchange for the recipient keeping a large percentage.

Work at Home/Turn Computer Into a Money-Making Machine

The software required to do the “job” will often contain malware, spyware or spam-generating software about which the victim is unaware.

Money Mule Scam

Here, the victim takes a job in which he or she will be sent money that needs to be divvied up and resent to other parties (additional scammers). The victim is told to keep a portion of the money. After that, the victim finds out that the money came from an innocent third party who thought he or she was buying something from someone (scammer) on eBay. Now the innocent third party turns to the victim for his or her product. The result is that the scammers used the victim to launder stolen money from the innocent third party.

Fraudulent Grand Jury Summons

These messages look authentic and may contain references to the court, case and jurisdiction. The recipient is then directed to click on a link to download forms that usually contain malware or spyware.

Overpayment Scam

In this operation, the seller-victim has a product for sale. A potential buyer agrees to pay for more than the asking price to cover shipping and handling. Any difference is to be wired back to the buyer. Seller receives a check or money order, ships the product and wires back the difference. The problem, however, is that the buyer's check or money order turns out to be fake and the seller is responsible for the entire amount.

Reshipping Scam

It starts out as an employment scam. The victim is “hired” to receive goods and reship them overseas. The victim receives the goods, and does her job, yet the goods were likely purchased with stolen credit cards. The goods then are fenced overseas and the victim just unknowingly participated in the process.

Tips for Fighting Internet Scams and Frauds

While the scams and frauds mentioned in this article differ in style and appearance, many have similar traits, such as brand abuse or requests for personal information by e-mail. Recognizing the “smell” or the characteristics of a scam or fraud will help assist users identify them even before they are covered or reported on by the press or government.

In addition to recognition, the following recommendations may also be useful in combating scams and frauds on the Internet:

• Check applicable Internet, trademark, deceptive-practice, fraud and related laws for legal options. For example, Section 1125(d) of the Lanham Act (Anticybersquatting Consumer Protection Act) and The Uniform Domain Name Dispute Resolution Policy provide legal options specific to cybersquatting.
• Visit government Web sites such as those of the FBI, SEC (Securities and Exchange Commission), IRS and FTC (Federal Trade Commission) for information on the latest frauds and scams.
• Use foreign counsel when needed if an international element is present.
• Keep clients educated on scams and frauds that target the company's brands.
• Encourage clients to report fraudulent activities involving the company's brands.
• Keep security software up-to-date.
• Police company brands on the Internet for misuse and abuse, including, but not limited to, domain names, Web content, search engine-sponsored advertisements, auctions and chat rooms.
• Form a response team to handle scams and frauds that attack the company ' IT, management, privacy and legal.
• Explore Web site take-down options when appropriate if the content is being used to perpetuate the scam or fraud.
• Be mindful of issues that may arise in social-networking sites such as Facebook and MySpace, or in virtual-world sites such as SecondLife.
• Contact local, state and federal law-enforcement agencies when needed.

We all know that the Internet offers new ways to do old things.

We can work more efficiently, conduct financial business, enjoy recreational reading, socialize and perform a host of other tasks ' all online ' much faster and more easily than ever before.

Yet, the Internet has also provided an almost unguarded playground to allow thieves and other criminals to develop and unleash sophisticated scams and frauds on unsuspecting users.

This conduct shows up in the almost unlimited amount of Internet scams and frauds active at any point, yet because of the nature of the Internet, it is almost impossible for a small business, consumer or e-commerce attorney to stay up-to-date. That's because the scammer's arsenal is almost without limitation. He or she may use a well-known brand or logo to lure users into an identity-theft trap. He or she may attempt to play off of a recent disaster in an effort to trick users into making a donation to a fraudulent entity disguised as a legitimate relief organization.

Regardless of the tactics or motives, businesses and consumers should always be mindful that scams and frauds can appear in almost any place on the Internet ' from e-mail to social-networking sites.

While it is nearly impossible to address and identify all the scams and frauds that may be active at any one time, the list below provides an overview of some of the more common flimflams infecting the Internet.

e-Commerce attorneys may learn from this article not only how to recognize these scams and frauds, but also be able to recognize the characteristics of one so that he or she will be better equipped to identify other scams and frauds today and tomorrow ' and be prepared to advise clients.

Common Scams and Frauds
Involving Brands

By using a well-known brand in the scam or fraud, the scammer is able to take advantage of the good will and reputation a company has developed in that specific brand. With the amount of brand bombardment that occurs in marketing today, use of a brand for fraud makes the perfect bait. (For a look at online brand-protection and how to address counterfeit product being sold through e-commerce, see, “Safeguarding Brands.”)

Cybersquatting

This is the bad-faith registration and use of a domain name that is identical or confusingly similar to another party's trademark. Bad faith, while not limited to a specific behavior, commonly is done with the intent to divert Internet traffic from the mark owner, offer the domain name back to the mark owner for a price higher than the registration cost or disrupt the mark owner's business. ' or a combination of these rip-offs.

While use of the domain name may vary, many times it is used for phishing schemes or to resolve to Web content for competing goods and services, pornography, sponsored advertising links, counterfeit products or various assortments of packages of these.

The targeted domain names go well beyond just those that are identical to the brand. For example, suppose my hypothetical company is named PeirceBev and I sell sports drinks. Some of the variations on my brand that are likely to be sought after by cybersquatters may include:

• Plurals and hyphens ( peircebevs, peircebeving, peircebev);
• Business designations ( peircebevcorp, peircebevinc, peircebevco, peircebevllc);
• Product designations and characteristics ( peircebevdrink, peirce bevpop, peircebevcola, peircebevorange, peircebevsoda, peirce- bevthirst, peircebevdiet);
• Geographic designations ( peirce bevamerica, peircebeveurope, peircebev123, peircebevphilly, peircebevjersey, peircebevusa);
• Typosquatting and phonetics ( peircebevcom, wwwpeircebev, pearsebev);
• Negatives and positives ( peircebevsucks, peircebevstinks, peircebevlawsuits, peircebevlawyers, peircebevproblems, ihatepeircebev, ilovepeircebev); and
• Other variations ( mypeircebev, ourpeircebev, drink-apeircebev, peircebevforum, peircebevchat, peircebevblog, peircebevgroup, peircebevdiscussion, peircebevmeeting, peircebevclub, peircebev1).

Fraudulent Domain Name Transfers

In this scenario, a scammer attempts to trick a domain-name owner into transferring its domain name to the scammer. While the technique may vary, a common approach is to send a deceptive e-mail notice to the domain-name owner with the hope that the owner will approve the fraudulent transfer request.

A close variation on this scam is what is called domain-name slamming. It is the process in which a competing registrar or other domain-name registration entity sends out an official looking “renewal notification” notice to a domain-name owner. The sender's hope is that the domain-name owner will believe that the notice is official (perhaps coming from the owner's registrar or a governmental agency), respond as requested in the notice and, as a result, have its domain names
unknowingly transferred to the sender's maintenance system.

Domain Name Tasting

Here, a domain name is registered for the purpose of judging its value, especially in connection with click-through advertising revenue, during the five-day add-grace period for domain-name registration. If the domain name does not “perform” well during the five-day period, it is often returned for a refund. Many times, the domain names being registered through this practice consist of common misspellings (typosquatting) of brand names and marks.

Domain Name Kiting

In this scheme, the domain name taster engages in a pattern of registering, dropping before the end of the add-grace period and re-registering the same domain name with the intent of never having to pay the registration fee.

Domain Name Spying

This is when a person views or spies on another party's domain name whois/ownership searches to see what domain names are being considered for registration. The purpose is that if the domain names are not registered immediately, the spy will register them, believing that they may have some current or future value. Thereafter, the spy may “taste” and use them for click-through revenue or attempt to auction them.

Domain Name and
Keyword Availability Scam

This involves an entity sending a brand owner an e-mail and “informing” the owner that some other third party is about to register a number of domain names and Internet keywords containing the brand owner's mark(s). The brand owner then has the opportunity to block the registrations by having the domain names and keywords registered with the sending entity. The sender hopes, of course, that the brand owner will be concerned enough over the “potential” registrations to authorize the sender to prevent or block the registrations ' which is nothing more than the sender obtaining the brand owner's registration business through deception.

Phishing

Many people have seen this and been amply warned about it, yet it seems ubiquitous. An entity sends out an e-mail or pop-up message falsely claiming to be from a legitimate business or organization, perhaps even one that is familiar to the recipient, such as a bank, ISP or government agency. The purpose of the phishing attack is to trick the recipient into revealing personally identifiable information, access codes or other financial information. The e-mail or message may look very official and include the legitimate company's trademarks and logos. The sending entity's e-mail address (spoofed e-mail) may look as if it came from the legitimate company by incorporating the legitimate company's mark as part of the address. The message may include a link where the URL looks nearly identical to that of the legitimate company's URL. If the link is clicked, it may take the recipient to a Web site that looks nearly identical to the legitimate company's Web site. It is likely that at this site, the scam sender will attempt to collect information from the victim. (For more on personal data protection, see, “It Came from the State Legislature: As Federal Data-Protection Legislation Stalls, States Fill the Gap Congress Has Left,” in the March edition of e-Commerce Law & Strategy.)

A vishing scam is a variation on phishing where the scam e-mail states that some account (credit card, bank, eBay, PayPal, for example) has been suspended and that the recipient must act quickly to resolve the issue. Again, the goal of the sender is to gain access to sensitive information like account passwords and credit-card numbers. For example, it was reported recently that vishing e-mails were sent out seeking Google Calendar login information from recipients.

Pharming

This is when a site's traffic is redirected to a fake site, usually unknown to the user, with the common purpose of conducting a phishing scam or for other identity-theft purposes. These can be some of the most deceptive scams online because it may be difficult to know whether or not the site is legitimate, especially if the DNS has been compromised in some manner. (“DNS” is an abbreviation for domain-name system; sometimes the S stands for service or server. This is an application that recasts domain names as IP addresses, which are then used in the scam.)

Employment Fraud Scams

An entity reviews job-posting sites and sends fraudulent messages to job-seekers, holding itself out as being affiliated with a legitimate company. The job-seeker then is scammed into revealing personally identifiable information as part of the application process, or is lured to a job unrelated to the legitimate company. The scam message will likely include many uses of the legitimate company's brands, including in the e-mail address. The scammer may also post a fraudulent job on a job-listing site with the same intent.

Auction Scam Issues

There are many different types of scams and frauds that occur in connection with auction sites, such as the sale of fake or counterfeit goods, theft of credit-card information and the use of phishing e-mails for fake auctions.

Bogus Humanitarian
e-Mails and Sites

In these sting operations, fraudulent e-mails and sites are used in an effort to trick users into making donations to a fake entity masquerading as being related to a legitimate humanitarian organization. These types of scams usually increase in volume around well-publicized disasters and can cause great damage to a legitimate organization's efforts to get donations.

Misuse of Search Engine
Keyword Purchasing

Certain search engines allow users to purchase terms, including the trademarks of others, as key words so that when such terms are searched for on the respective search engine, the user's advertisement and link will appear in a prominent position on the search-engine result page. Many times, the advertiser misuses a trademark or name in the text of the advertisement, or on the resulting site in an effort to create a likelihood of confusion as to the source, sponsorship or affiliation of the advertiser's goods or services, or both.

Other Internet Concerns, Scams and Frauds

Economic Stimulus Payment Scams

According to the IRS, at least two new scams have surfaced:

1. Taxpayers receiving calls from individuals impersonating the IRS during which the caller asks the taxpayer for his or her Social Security and bank-account numbers to complete the payment; and
2. Taxpayers receiving e-mails appearing to come from the IRS that ask for bank-account information for direct deposit of the refunds.

'Nigerian' Money Offer (419) Scams

e-Mails claiming to be from some wealthy business person or government official in which these phonies ask for assistance with getting money moved out of foreign accounts (perhaps because of some government conflict or a death), in exchange for the recipient keeping a large percentage.

Work at Home/Turn Computer Into a Money-Making Machine

The software required to do the “job” will often contain malware, spyware or spam-generating software about which the victim is unaware.

Money Mule Scam

Here, the victim takes a job in which he or she will be sent money that needs to be divvied up and resent to other parties (additional scammers). The victim is told to keep a portion of the money. After that, the victim finds out that the money came from an innocent third party who thought he or she was buying something from someone (scammer) on eBay. Now the innocent third party turns to the victim for his or her product. The result is that the scammers used the victim to launder stolen money from the innocent third party.

Fraudulent Grand Jury Summons

These messages look authentic and may contain references to the court, case and jurisdiction. The recipient is then directed to click on a link to download forms that usually contain malware or spyware.

Overpayment Scam

In this operation, the seller-victim has a product for sale. A potential buyer agrees to pay for more than the asking price to cover shipping and handling. Any difference is to be wired back to the buyer. Seller receives a check or money order, ships the product and wires back the difference. The problem, however, is that the buyer's check or money order turns out to be fake and the seller is responsible for the entire amount.

Reshipping Scam

It starts out as an employment scam. The victim is “hired” to receive goods and reship them overseas. The victim receives the goods, and does her job, yet the goods were likely purchased with stolen credit cards. The goods then are fenced overseas and the victim just unknowingly participated in the process.

Tips for Fighting Internet Scams and Frauds

While the scams and frauds mentioned in this article differ in style and appearance, many have similar traits, such as brand abuse or requests for personal information by e-mail. Recognizing the “smell” or the characteristics of a scam or fraud will help assist users identify them even before they are covered or reported on by the press or government.

In addition to recognition, the following recommendations may also be useful in combating scams and frauds on the Internet:

• Check applicable Internet, trademark, deceptive-practice, fraud and related laws for legal options. For example, Section 1125(d) of the Lanham Act (Anticybersquatting Consumer Protection Act) and The Uniform Domain Name Dispute Resolution Policy provide legal options specific to cybersquatting.
• Visit government Web sites such as those of the FBI, SEC (Securities and Exchange Commission), IRS and FTC (Federal Trade Commission) for information on the latest frauds and scams.
• Use foreign counsel when needed if an international element is present.
• Keep clients educated on scams and frauds that target the company's brands.
• Encourage clients to report fraudulent activities involving the company's brands.
• Keep security software up-to-date.
• Police company brands on the Internet for misuse and abuse, including, but not limited to, domain names, Web content, search engine-sponsored advertisements, auctions and chat rooms.
• Form a response team to handle scams and frauds that attack the company ' IT, management, privacy and legal.
• Explore Web site take-down options when appropriate if the content is being used to perpetuate the scam or fraud.
• Be mindful of issues that may arise in social-networking sites such as Facebook and MySpace, or in virtual-world sites such as SecondLife.
• Contact local, state and federal law-enforcement agencies when needed.