Home / Blogs

Fighting Phishing with Domain Name Disputes

Doug Isenberg

I opened an email from GoDaddy over the weekend on my phone. Or so I initially thought.

I had recently helped a client transfer a domain name to a GoDaddy account (to settle a domain name dispute), so the subject line of the email — "Confirm this account" — simply made me think that I needed to take another action to ensure everything was in working order.

But quickly, my radar went off. Something was amiss:

Phishing email not from GoDaddy

  • The "to" line was blank, which meant that I had been bcc'd on the email.
  • The sender's name was "Go Daddy" (with a space that the Internet's popular registrar doesn't really have).
  • Although the body of the email contained the GoDaddy logo, the footer of the email referred to "Godaddy" (without a space but with a lowercase "D" that is not consistent with the registrar's style).
  • Upon actually reading the email, I immediately noticed the multiple grammatical errors in the first sentence: "Our records shows your account details is incomplete."

Because I was looking at the email on my phone instead of on a computer, I couldn't readily identify the link behind the prominent "Verify Now" button. But later, once I was in front of a PC, I saw that the link was not to GoDaddy at all.

Fortunately, I didn't click the link until now, as I am writing this blog post. At the moment, it leads to a web page that says, "This Account has been suspended."

Phishing for Info

If I had clicked the link when I received the email, I suspect I would have been taken to a page that looked like GoDaddy's website and would have been prompted to enter my username and password. Doing so, of course, would have disclosed that sensitive information to someone else — someone phishing for exactly that information — which would have compromised everything in my account.

Fortunately, as far as I know, I've never clicked on a phishing link — or, if I have, I've never disclosed personal credentials.

But phishing scams seem to be getting more common and more sophisticated. And if I — a savvy computer user and domain name attorney — have to think twice before not clicking on a deceptive link, I can only imagine how many other people (hello, Mom?) must actually click on those links without giving it a second thought.

I realize this is really not new. But it underscores the importance of domain name disputes and how companies can use the Uniform Domain Name Dispute Resolution Policy (UDRP) and other tools to combat phishing as a way to protect their customers.

Google's Phishing Fights

Just days after my "GoDaddy" experience, I read a UDRP decision involving a complaint brought by Google for the domain name <web-account-google.com>. According to the decision:

Complainant [Google] argues that Respondent engages in a phishing scheme to obtain personal information for users.... Complainant claims that the login information contained on the resolving webpage [associated with the domain name <web-account-google.com>] does not actually function, but rather Respondent uses it to obtain personal information from users.

The UDRP panel had no problem finding that this conduct constituted "bad faith" under the policy, and that Google had satisfied the UDRP's other two elements as well, and it ordered the domain name transferred to Google.

Screenshot of web page at www.web-account-google.com (captured September 5, 2017)However, as of this writing, the UDRP decision had not yet been implemented, so, naturally, I went to see what the web page looked like using this domain name, that is, the page at www.web-account-google.com. As the image here shows, the page mimics a Google website: It contains the Google logo along with a header that says (in French), "Sign into your Google account."

Surely, any non-savvy or careless (or simply quickly moving) Internet user directed to this page could not be blamed for thinking that he or she had arrived at a real Google page. But anyone who entered his or her Google credentials would immediately be disclosing them to someone other than Google.

The consequences for any such victim could be tremendous, giving a devious person access to, among many other services offered by Google, sensitive and personal email archives.

Fortunately for Google — and its users — this phishing scam will soon come to an end when the UDRP decision is implemented.

Using the UDRP

The UDRP is a popular way to shut down some phishing scams. Indeed, nearly 1,500 domain name dispute decisions at the World Intellectual Property Organization (WIPO) and the Forum — the two most-popular UDRP service providers — refer to "phishing."

Surely, the total number of phishing scams is far greater than the UDRP numbers reveal, given that many phishing scams are short-lived and disappear before a UDRP complaint can even be filed; some phishing scams don't involve domain name disputes; and trademark owners simply don't have the resources to pursue every scam.

I have no idea how many people fell victim to this fake Google website, but I can quickly see that Google had dealt with this same problem in plenty of other UDRP cases, involving such domain names as <gmaill.com>, <googledocs.net>, <gmailcustomerservices.com> and <google-spain.com>, to list just a few.

Of course, Google is just one of many trademark owners that have used the UDRP to shut down phishing scams. Other technology companies, banks, hotels, financial services firms, insurance companies, and many others have successfully invoked the UDRP to stop phishers from harming consumers.

So, too, has GoDaddy, which won a UDRP decision a couple of years ago for the domain names <service-godaddy.com> and <services-godaddy.com>, which were used as part of a phishing scheme.

While the UDRP will never eliminate phishing, it is obviously an important tool that trademark owners are using to protect their customers from deceptive scams.

By Doug Isenberg, Attorney & Founder of The GigaLaw Firm. Learn more by visiting The GigaLaw Firm website. Doug Isenberg also maintains a blog here.

Related topics: Cybercrime, Cybersecurity, Cybersquatting, Domain Names, UDRP

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Cybersecurity

Sponsored by Verisign

DNS Security

Sponsored by Afilias

Mobile Internet

Sponsored by Afilias Mobile & Web Services

IP Addressing

Sponsored by Avenue4 LLC

Promoted Posts

Buying or Selling IPv4 Addresses?

ACCELR/8 is a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s to keep pace with the evolving demands of the market by applying processes that have delivered value for many of the largest market participants. more»

Industry Updates – Sponsored Posts

Domain Registrations Reach 331.9 Million, 6.7 Million Growth Year over Year

.brands Spotlight: Banking and Finance Industries

Google Buys Business.Site Domain for 'Google My Business'

Radix Announces Global Web Design Contest, F3.space

Global Domain Name Registrations Reach 330.6 Million, 1.3 Million Growth in First Quarter of 2017

.TECH Gets Its Big Hollywood Break

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Why the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

UDRP: Better Late than Never - ICA Applauds WIPO for Removing Misguided 'Retroactive Bad Faith'

The Rise and Fall of the UDRP Theory of 'Retroactive Bad Faith'

.PRESS Supports Press Freedom Day for 3rd Consecutive Year

Leading Internet Associations Strengthen Cooperation

5 Afilias Top Level Domains Now Licensed for Sale in China

Radix Announces Largest New gTLD Sale with Casino.Online

2016 Year in Review: The Trending Keywords in .COM and .NET Domain Registrations

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate