Recognizing and Handling Online Fraud and Scams Using Company IP

Part Two, next month, looks at more online scams and offers a summary of some reactive steps a company can take in response to an online scam, as well some preventive measures to implement in order to better avoid one.

The Internet as we know it has evolved into an almost limitless arena where just about everything short of physical activity can be done. This online “playground” allows a user to read magazines, research current events, share photographs, transact business, enjoy life through a virtual character, organize class reunions, and update friends that you just finished a great meal at your favorite restaurant.

Yet, this playground is generally an unguarded realm that gives thieves, criminals and other troublemakers opportunities to make money through the use of sophisticated scams and frauds. These scammers are looking for any information that can be used for profit, such as Social Security numbers, credit card numbers, user names/passwords and bank account numbers.

One of the more popular tactics used by scam artists to deceive Internet users is to pose as a legitimate business or organization. Almost without exception, this involves use of a company's intellectual property, such as the company's trademarks, trade names and copyrighted materials.

Needless to say, this can be very damaging to a company's reputation and overall business. For example, customers and potential customers who are victimized by a scammer that misuses a company's intellectual property may blame the company for failing to police its brand and prevent the fraud from taking place. Therefore, it is critical that a company not only be able to identify current trends in online brand and other intellectual property scams, but have in place preventive and reactive steps in order to combat potential brand damage resulting from an online scam.

While it is nearly impossible to identify all of the scams and frauds that may exist at any one time, the following is an overview of some of the more recent ones involving use of a company's intellectual property.

Domain Name Cybersquatting

Domain name cybersquatting occurs when an entity registers and uses a domain name that is identical or confusingly similar to another party's trademark without having a legitimate right to use the trademark in the domain name.

According to ICANN's Uniform Domain Name Dispute Resolution Policy (www.icann.org), bad faith registration and use can be, yet is not limited to, the following:

(i) Circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name; or
(ii) You have registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that you have engaged in a pattern of such conduct; or
(iii) You have registered the domain name primarily for the purpose of disrupting the business of a competitor; or
(iv) By using the domain name, you have intentionally attempted to attract, for commercial gain, Internet users to your Web site or other online location, by creating a likelihood of confusion with the complainant's mark as to the source, sponsorship, affiliation, or endorsement of your Web site or location or of a product or service on your Web site or location.

While the goals of a cybersquatter can vary, one common one is to deceive Internet users into believing that the domain name, resulting Web content and/or created e-mail addresses are related or affiliated with the brand owner.

In order to deceive Internet users, cybersquatters commonly target domain names that appear as if the brand owner owns them. These domain names can be more than just the brand by itself. For example, if a company is in the business of manufacturing and selling sports drinks, and it uses BrandBev as its trade name and trademark, the following variations would likely be targets of a cybersquatter:

• Plurals and hyphen variations (Brandbevs, Brand-bev);
• Business designations (Brandbevcorporation, Brandbevinc, Brandbevco, Brandbevllp);
• Product designations and characteristics (Brandbevdrinks, Brand bevsportsdrink, Brandbevgrape, Brandbevthirsty, Brand bevdietdrink);
• Geographic designations (Brand bevnorthamerica, Brandbevasia, Brandbevdelawarevalley, Brand bevusa);
• Typosquatting and similar variations (wwwbrandbev, Branndbev);
• Negatives and positives (Brandbevsucks, Brandbevsuits, Brandbevattorneys, Brandbevissues, Brandbevisterrible, Brandbevfan); and
• Miscellaneous (Brandbevclub, drinkBrandbev, Brandbevforum, Brandbevblog).

Some scammers may avoid the use of separate domain names and simply use the brand owner's mark as part of a sub-domain or sub-page. Both of these examples should raise immediate red flags.

• sub-domain: Brandbev.scammerpresentation.com
• sub-page: scammerpresentation. com/ Brandbev

Fraudulent Domain Name Transfers

The main goal of the scammer is to get the domain name owner to transfer its domain name to the scammer. The scammer may do this by impersonating a domain name registrar or some other trusted entity. A fake e-mail is sent to the domain name owner asking it perform some type of function. The “function” usually results in the domain name owner unknowingly approving a transfer request.

Domain name slamming is where a registrar or other domain name registration entity e-mails a fake, yet official looking, “renewal notice” to a domain name owner. The notice may be made to look as if it comes from an official registrar, a governmental entity or some other trusted source. The domain name owner may then be persuaded to follow the instructions in the e-mail that may result in the domain name being transferred to a less than reputable domain name registration entity.

Domain Name and Keyword Availability Scam

In this scam, the scammer sends an e-mail to a brand owner and informs it that a third party is about to register a number of domain names and Internet keywords containing the brand owner's mark. The brand owner is given the opportunity to “block” the registrations by filling out and sending back some type of form to the scammer. The form ends up being nothing more than a registration authorization whereby the brand owner has given permission to the scammer to register the domain names and keywords.

Domain Name Appraisal Scam

This scam has been around for years. In its most recent form, the victim receives an e-mail asking it if it is interested in selling a specific domain name. The scammer lists its questionable appraisal service along with other reputable ones and indicates that it will only accept appraisals from one these services. The scammer's service is usually significantly lower in price, so the victim picks it. The scammer makes money off of the appraisal without any real interest in buying the domain name.

If a company is in the business of providing domain name appraisals, it very well might have a problem with its name and mark being used as part of this scam.

Social Media User Name Squatting

With the rise of social media sites such as Facebook, Twitter and MySpace, it is not surprising that scammers have found ways to take advantage of the increased Web traffic to these sites. One of the more popular scams involves registering a user name or handle with the social media site that incorporates the trademark or service mark of a third-party brand owner.

Similar to domain name cybersquatting, the scammer hopes that by incorporating the brand owner's mark into a user name, Internet users will believe that the specific social media page or message feed originates from, or is affiliated with, the brand owner.

For example, if the company is Brandbev, the following could be problematic if not approved by the company:

• www.myspace.com/Brandbev
• www.facebook.com/Brandbev
• twitter.com/Brandbev

Phishing

This is where the scammer sends out a message, usually in the form of an e-mail (although it is in no way limited to e-mail and can be transmitted by pop message or even social media) in which the scammer claims to be affiliated with a legitimate company or organization. The companies and organizations can range from banks to non-profits. In fact, hotel chains have been some of the recent targets of phishing scams wherein the scammers have targeted hotel locator and third party reservation sites.

The e-mail or other message usually contains some type of request for information. The message may request a user name, password, bank account number, Social Security number or some other type of personally identifiable information. The scammer's goal with the “phishing attack” is to trick the recipient into revealing valuable information that can be used for financial gain.

The e-mails or messages are usually designed to look very official. They very often will make use of confusingly similar domain names (or one that is “spoofed” and meant to look identical to the brand owner's official e-mail address). They may contain the brand owner's logo or design trademarks in the body of the message. They may include use of copyrighted photographs stolen from the brand owner's official Web site.

The phishing message may include a link to an official looking URL which when clicked on, could launch a virus spy program or otherwise direct the user to an official-looking site designed to ultimately steal valuable information.

If a company is involved in providing e-mail services to customers, phishing scams can pose a real problem in that scammers look to trick e-mail users into disclosing account access information. Given the amount of confidential information that can be found in an e-mail account, the damage to the customer could be severe.

More recently, one such phishing scam impersonated a bank in order to get the victims to participate in a live chat. During the chat, the victims were tricked into revealing personally identifiable information.

A vishing scam is a variation on phishing where the scammer sends a message pretending to be a brand owner who operates a type of online account. The vishing message states that some account (credit card, bank, eBay, PayPal, etc.) has been deactivated and/or suspended and that the recipient needs to take some sort of action in order to resolve the issue. The “action” usually involves the disclosure of personally identifiable information.

Pharming

Pharming is another form of deception where the scammer creates a Web site that is almost an identical replica of a brand owner's site. Thereafter, the scammer is able to manipulate or alter the DNS system in a way so that when an Internet user types in the brand owner's URL, the user is taken to the fake site. Once at the fake site, some type of identity theft or phishing scam is performed. A pharming scam is one of the more deceptive ones out there given that the Internet user may never know he or she is at fake site.

Twitter Phishing Attack

It was reported that Twitter users received direct and e-mail messages directing the recipients to fake Twitter sites and asking them sign into their accounts in an effort to steal account access information.

If a company runs a social media platform, this type of scam can damage the company's reputation as users may stay away. If the company uses Twitter, it must be mindful of any message that directs users to a specific site for the purpose of account access. The linked site is very likely to look almost identical to Twitter's legitimate site.

Social Media Gift Card Scam

It was reported that a major supermarket brand was targeted in a fake gift card scam on Facebook. Fan pages were set up offering fake gift cards for the supermarket. The scam not only sought to steal personally identifiable information through the sign up process, but infected users' computers with crash causing malware.

Many times, these scams add a time sensitive element to the mix. For example, the scam may state that the promotion is only for the first 20,000 users who sign up, or that the promotion expires in 24 hours. This is done to better lure in users who may choose to act fast instead of investigating the promotion.

Internal Spoofed e-Mail Scam

While this scam is not directed at a company's customers or potential customers, it can still sting. In essence, the scammer is able to e-mail employees of a company and request that they make updates to their systems by clicking on a certain Web link. The e-mail and linked site use spoofing to make it appear that the e-mails are coming from the company. Once the link is clicked on, it can release spyware, malware or a virus.

Employment Fraud Scams

Given the high unemployment rate and reliance on online job searches, this scam is especially nasty. In short, the scammer scans and reviews job listings and resume posting sites for information. The scammer then sends a message to a potential job seeker pretending to be from a company or organization that fits within the job seeker's search and qualifications. The scammer then uses the “application” process to get the job seeker to reveal personally identifiable information.

As with the phishing and pharming sites, the scammer's message usually includes a brand owner's trade names, trademarks and copyrighted material. The scammer may even go as far as to post a fake job on a job-listing site.

Fake Advertisement Scam

This scam targets high traffic sites, most notably news sites. When the Internet user visits these sites, unauthorized advertisements pop up alerting the user that there may have been some security breach to the user's computer system. The fake advertisement may also offer a virus scan in order to “fix” the user's computer. Commonly referred to as scareware, these advertisements can launch spyware, malware or viruses on the user's computer.

Companies that use third-party advertisement server companies should make sure that their server company does not knowingly deliver these types of advertisements. If one is discovered, the company should notify the server entity just in case the server entity's own system has been compromised.

Auction Scams and Counterfeit Goods

Since the start of commerce on the Internet, sale of counterfeit or fake goods has always been a problem. Auction sites provide prime opportunities for criminals to sell fake products that they hold out as legitimate branded goods. Not only will the scammer use the brand owner's trademarks to indentify the goods, but it is also very common for the scammer to scrape copyrighted content off of the brand owner's site and use such in promoting the fake goods online.

Fake Charity Solicitations

These are usually most common after some type of natural disaster or other humanitarian effort. The scammer is counting on the fact many Internet users will answer the call for charitable donations and do so through an online site.

The scammer will usually set up a fake Web site and/or create a phony e-mail message designed to look as if it originated from a legitimate organization like the Red Cross or the Salvation Army. While the primary goal of the scammer is get online donations, the scammer is also happy to get access to the donor's personally identifiable information supplied through the donation process.

Most recently, many of these scams targeted charitable donations for the Haitian earthquake relief effort.

Military Targeted Scams

In an effort to target service members, many sites will offer special military discounts on certain items, such as apartments or even cars. Hoping to take advantage of these discounts, service members are often disappointed to find that the discounts did not originate from legitimate sources and/or are non-existent.

Part Two, next month, looks at more online scams and offers a summary of some reactive steps a company can take in response to an online scam, as well some preventive measures to implement in order to better avoid one.