David Barnett

David Barnett


Joined on April 9, 2020
Total Post Views: 246,440

About

David Barnett has worked in the online brand-protection industry as an analyst and consultant since 2004, serving a range of brand-protection customers in a variety of industries. He is also an experienced thought leader, and author of ‘Brand Protection in the Online World’ (published December 2016).

Except where otherwise noted, all postings by David Barnett on CircleID are licensed under a Creative Commons License.

Featured Blogs

An Overview of the Concept and Use of Domain-Name Entropy

In this article, I present an overview of a series of 'proof-of-concept' studies looking at the application of domain-name entropy as a means of clustering together related domain registrations, and serving as an input into potential metrics to determine the likely level of threat which may be posed by a domain. more

The ‘Millennium Problems’ in Brand Protection

As the brand protection industry approaches a quarter of a century in age, following the founding of pioneers Envisional and MarkMonitor in 1999, I present an overview of some of the main outstanding issues which are frequently unaddressed or are generally only partially solved by brand protection service providers. I term these the 'Millennium Problems' in reference to the set of unsolved mathematical problems published in 2000 by the Clay Mathematics Institute, and for which significant prizes were offered for solutions. more

Patterns and Trends in Domain Tasting of the Top 10 Global Brands

Domain tasting is a long-established practice involving the short-lived existence of a domain, which is allowed to lapse a few days after its initial registration. The practice arose in response to an Internet Corporation for Assigned Names and Numbers (ICANN) policy allowing a domain to be cancelled -- with all fees refunded -- within a five-day grace period, intended to address the issue of accidental registrations1. However, the practice is open to abuse by infringers. more

The Highest Threat TLDs - Part 2

In the first article of this two-part blog series, we looked at how frequently domains were used by bad actors for phishing activity across individual top-level domains (TLDs) or domain extensions, using data from CSC's Fraud Protection services, powered by our DomainSecSM platform. In this second article, we analyze multiple datasets to determine the highest-threat TLDs, based on the frequency with which the domains are used egregiously for a range of cybercrimes. more

The Highest Threat TLDs - Part 1

A domain name consists of two main elements: the second-level domain name to the left of the dot - often consisting of a brand name or relevant keywords - and the domain extension or top-level domain (TLD) to the right of the dot. Domain names form the key elements of the readable web addresses allowing users to access pages on the internet and also allowing the construction of email addresses. more

The Continued Rise of Phishing and the Case of the Customizable Site

We’ve noted in previous CSC studies that phishing continues to be an extremely popular threat vector with bad actors and shows no signs of subsiding in part, because of the COVID–19 pandemic and the rise in popularity of remote working. Indeed, the most recent figures from the Anti-Phishing Working Group (APWG) show that the numbers of phishing attacks are higher than ever before, with the quarterly total of identified unique phishing attacks exceeding 1 million for the first time in Q1 2022, and over 600 distinct brands attacked each month. more

Four Steps to an Effective Brand Protection Program

Internet use has become ever more pervasive. With around five billion global users, it generates an economy of around 15% of global gross domestic product (GDP); that's around $15 trillion and is a figure that's growing 2.5 times faster than GDP itself. This makes the internet an attractive channel for infringers. Phishing and other fraud tactics, selling counterfeit goods online, and digital piracy are primary areas of concern. more

Registration Patterns of Deceptive Domains

A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name. The most convincing infringements frequently use a domain name that's deceptively similar to that of the official site of the target brand. This allows a variety of attacks to be executed, including phishing attacks... more

Do You See What I See? Geotargeting in Brand Infringements

Geotargeting is a well-established online technique for delivering tailored web content based on a user's geographic location. From an internet technology point of view, this is usually based on the user's IP address, which is converted to a physical location through a standard look-up process performed by network infrastructure. Geotargeting is commonly used by websites for several legitimate reasons, including providing users with relevant advertising and other content... more

Branded Domains Are the Focal Point of Many Phishing Attacks

As a long-established online attack strategy, phishing remains a popular tool for fraudsters because of its effectiveness. The Anti-Phishing Working Group reported more than 300,000 distinct phishing attacks in December 2021 -- more than three times the number reported in early 2020, and the highest monthly total ever identified. more

Breaking the Rules on Counterfeit Sales: The Use of Hidden Links

Counterfeiting is big business. A 2021 study by the Organisation for Economic Cooperation and Development (OECD) estimated that the international trade in counterfeit and pirated products was worth up to $464 billion in 2019, or around 2.5% of all world trade. A significant proportion of this trade occurs via digital channels, where global annual expenditure on eCommerce is more than $4 trillion. more

The World of the Subdomain

A web domain name is the foundational piece of internet property allowing its owner (registrant) to construct and host an associated website. On a domain, the owner is also able to construct whatever subdomains they wish -- a process that is technically achieved via the configuration of records on the authoritative domain name system (DNS) server. more

Domain Registrations Associated with New TLD Launches

One of the central goals of a brand protection program is detecting infringing third-party activity that falls outside the firewall - that is, external to a brand owner's portfolio of official core and tactical domains. Brand threats occur across a range of internet channels, but domain name abuse is one of the most significant areas for concern, both in terms of the visibility and potential for confusion of branded domain names by potential customers, and the enforcement options available. For this reason, domain monitoring is considered a core component of a brand protection service. more

Euro 2020 Part Three: Domains (Revisited) and Other Channels

In this final article in the series of studies looking at Euro 2020-related infringements, we revisit domain name infringements and consider activity across other online channels, with a focus on social media and mobile apps. Following the original study, which looked at domains registered before May 2020 with names containing "euro2020" or "euro2021," we analyzed daily activity levels in the period immediately preceding and during the competition. more

Euro 2020 Part Two: eCommerce Marketplace Activity

Following our previous article on the Euro 2020 football tournament that looked retrospectively at domain name registrations relating to the competition, this article considers activity on eCommerce marketplaces. For this study, our Discovery Engine technology was used to conduct a regular series of scans across key international online marketplaces. We monitored for listings (offers of sale) relating to Euro 2020 clothing and merchandise. more

Euro 2020: An Illustration of the Link Between Real-World Events and Online Infringements

In the run-up to the postponed Euro 2020 football championships, we've analyzed historical registration trends in domains containing the terms "euro2020" or "euro2021." A number of previous studies -- looking at events as diverse as the COVID pandemic, the annual holiday season shopping events, and the Reddit campaign relating to the manipulation of the stock price of U.S.-based retailer GameStop -- show a link between real-world events and spikes in online activity. more

Phishing Scams: How to Spot Them and Stop Them

Phishing scams are nothing new in the online security world and show no signs of subsiding. The scam starts when a fraudster sends a communication purporting to originate from a trusted provider and encourages the recipient, often with a conveyed sense of urgency, to click a link. That link leads to a fake site, usually intended to collect confidential login credentials or other personal information. In similar scams, the mail may encourage the recipient to open an attachment loaded with malicious content. more

Brand Abuse and IP Infringements – Part 2: Enforcement and Return on Investment

In the first article in this two-part series, we looked at the impact of brand abuse and infringements against intellectual property (IP) on an organization's brand value. In this second article, we delve into how action against enforceable infringements can deliver tangible return on investment (ROI) for a brand, and demonstrate the importance of a robust brand protection program. more

Brand Abuse and IP Infringements – Part 1: Brand Impact

In this two-part blog series, we take a closer look at brand abuse and intellectual property (IP) infringements. In this first article, we explore the components making up a company's IP and how online content can affect a brand's value, both actual and perceived... The IP held by an organization -- i.e., the portfolio of brands, trademarks, and other intangible assets that provide it with its distinctiveness, and protect it from unfair competition in the marketplace... more

A Cautionary Tale of Reputation Damage: Striking the Right Balance With Brand Protection

In early March 2020, a well-known European fashion brand found themselves on the receiving end of a protest campaign on social media. The background to the case was the fact that, in 2019, the brand had launched a cease and desist (C&D) action against a small, U.K.-based company in response to their use of similar product names and sale of associated clothing merchandise. more

Coronavirus Online Threats Going Viral, Part 5: Social Media

For our final blog in this series, looking at the online risks associated with COVID-19, we focus on social media. The popularity of social media channels means that they are extremely susceptible to exploitation by cybercriminals and other infringers, particularly during the coronavirus crisis. In an earlier post in this series, we discussed the use of social media for the distribution of phishing-related content, but CSC has also noted marked activity relating to the creation of fake accounts. more

Coronavirus Online Threats Going Viral, Part 4: Phishing

In part four of this series of posts looking at emerging internet content relating to coronavirus, we explore phishing. In times of crisis, cyber criminals invariably take advantage of the growing concerns of the public. In the case of the coronavirus, they have done so by sending phishing emails that play on the fears surrounding the spread of the illness. A number of reports have emerged of emails purporting to provide advice or assistance relating to COVID-19... more

Coronavirus Online Threats Going Viral, Part 3: Mobile Apps

In part three of this series of posts looking at emerging internet content relating to coronavirus, we turn our attention to mobile apps - another digital content channel that can be used by criminals to take advantage of people's fears about the health emergency for their own gain.One of the most common attack vectors we have found in our analysis is the use of apps purporting to track global progression of COVID-19, or provide other information, but which instead incorporate malicious content. more

Coronavirus Online Threats Going Viral, Part 2: Marketplaces

In the midst of the coronavirus crisis and the partial or total quarantines happening around the world, more people are turning to eCommerce for their purchases. This, combined with the increased demand for healthcare and healthcare-related products, is causing surges of activity on online marketplaces. Perhaps least surprising is the growth in the number of listings for cleaning and hygiene products (e.g., hand sanitizer), as well as facemasks... more

Coronavirus Online Threats Going Viral, Part 1: Domain Names

As news of the spread of the coronavirus (COVID-19) continues to emerge, CSC has undertaken the first in a series of studies looking at how the development of the crisis has affected online content. This first article looks at the numbers of registered domains with names containing coronavirus-related strings - "coronavirus" or "covid(-)19" (optional hyphen) - and analyzes the types of content present on the associated websites. more

Topic Interests

Domain NamesCybersecurityDomain ManagementWebCybercrimeBrand ProtectionCoronavirusThreat IntelligenceMobile InternetEmailNew TLDsArtificial IntelligenceDNSCyberattack

Recent Comments

The Highest Threat TLDs - Part 1
The Highest Threat TLDs - Part 1
The Highest Threat TLDs - Part 1
The World of the Subdomain

Popular Posts

Phishing Scams: How to Spot Them and Stop Them

Breaking the Rules on Counterfeit Sales: The Use of Hidden Links

The Highest Threat TLDs - Part 2

The Highest Threat TLDs - Part 1

Euro 2020: An Illustration of the Link Between Real-World Events and Online Infringements