Addressing Cybersquatting Dangers Using Brand Alert API and WHOIS Lookup

By WhoisXML API

While other organizations also hear Uniform Domain Name Dispute Resolution Policy (UDRP) cases, the World Intellectual Property Organization (WIPO) is the largest. We looked at the number of registered UDRP cases for 2017, 2018, and 2019 and found an upward trend, as shown in the chart below:

Even though the number of cases every year represents a small fraction of the total number of domains registered or in use, the upward trend indicates that cybersquatting is to be taken seriously.

In this post, we examine how brands can protect themselves against cybersquatting using tools such as Brand Alert API and WHOIS Lookup.

Cybersquatting Dangers: Even Local Brands Can Be Affected

What cybersquatters do with a domain matters, since it may result in loss of business and customer trust for the victim. Worse, for large enterprises it could very well lead to the breach of thousands or millions of users' data.

Global brands are not the only targets of cybersquatters, though. Take, for instance, the case of Little Acorns, a foster care service provider based in Suffolk, England. Although it had owned the website littleacornsfostering[.]com since 2012, it didn't renew its registration on time in September 2017, allowing notorious cybersquatter Wesley Perkins to hold the domain for ransom.

Perkins is known for redirecting visitors of domains under his control to adult sites, a technique that he said speeds up the ransom payment process. For an organization that wants to make a difference in children's lives, this can be very detrimental. Jillions eventually won the UDRP case and regained ownership of the domain.

Our Investigative Tools: Brand Alert API and WHOIS API

Cybersquatting presents several dangers not only to brand owners but also to their clients. Using Brand Alert API, we examined Bank of America, one of the most spoofed companies. We discovered 31 newly added or modified domains that make use of the brand name in one way or another.

We compared the registrant details of the official Bank of America domain with two newly added or modified domains. Here's what we found:

Real Site: bankofamerica.com

Suspicious Site #1: verify-bankofamerica[.]com

Suspicious Site #2: bankofameridca[.]com

Overall, the suspicious domains may be relying on users mistaking them for the real Bank of America site. That is, after all, possible especially with verify-bankofamerica[.]com as it isn't even "misspelled" in the sense that it contains the full Bank of America name.

However, a comparison of the real and suspicious domains' WHOIS records would tell you that their registrant details do not match. Cybercriminals are well-known for adding words (sometimes even alphanumeric combinations) to their site URLs so they can keep the domain name intact while pointing to a site that is altogether unrelated to the company they are spoofing. The domain bankofameridca[.]com is more suspicious in that it is clearly typo-ed with the letter d.

Also, the registrant details of the real Bank of America site are publicly available while those of the likely cybersquatted domains are anonymized, a hint that they are most likely not owned by Bank of America. What's more, Bank of America's real site has been up since December 1998 and its registrar is CSC Corporate Domains, Inc. The two suspicious sites, meanwhile, were created just days ago and do not even share the real site's registrar.
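
The comparison described in the paragraphs above, as an added Python example (not code from the original post or from WhoisXML API): it classifies each lookalike as brand-plus-words or typo and lists the WHOIS mismatches against the official record. The candidate records, the official registrant string, every date other than December 1998 and all helper names are constructed assumptions, and no WhoisXML API call is made.

```python
from datetime import date

# Registrar and December 1998 are from the article; every other value is constructed.
OFFICIAL = {"domain": "bankofamerica.com", "registrar": "CSC Corporate Domains, Inc.",
            "registrant": "Example Registrant (placeholder)", "created": date(1998, 12, 1)}
# Constructed WHOIS records for the two candidates, kept defanged as on the page.
CANDIDATES = [
    {"domain": "verify-bankofamerica[.]com", "registrar": "Example Registrar LLC",
     "registrant": "REDACTED FOR PRIVACY", "created": date(2020, 1, 10)},
    {"domain": "bankofameridca[.]com", "registrar": "Example Registrar LLC",
     "registrant": "REDACTED FOR PRIVACY", "created": date(2020, 1, 12)},
]
PRIVACY_MARKERS = ("redacted", "privacy", "proxy")
TODAY = date(2020, 1, 15)  # constructed "now", days after the candidates' creation

def edit_distance(a, b):
    """Levenshtein distance, used to catch typo variants of the brand label."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_kind(candidate, official):
    """Classify how the candidate's first label relates to the official one."""
    brand = official.split(".")[0]
    label = candidate.replace("[.]", ".").split(".")[0]
    if brand in label:
        return "same-label" if label == brand else "brand-plus-words"
    return "typo" if edit_distance(label, brand) <= 2 else "unrelated"

def whois_flags(candidate, official, today=TODAY, max_age_days=30):
    """Return the warning signs the article reads off the WHOIS comparison."""
    flags = [lookalike_kind(candidate["domain"], official["domain"])]
    if candidate["registrar"] != official["registrar"]:
        flags.append("registrar-mismatch")
    if any(m in candidate["registrant"].lower() for m in PRIVACY_MARKERS):
        flags.append("registrant-anonymized")
    elif candidate["registrant"] != official["registrant"]:
        flags.append("registrant-mismatch")
    if (today - candidate["created"]).days <= max_age_days:
        flags.append("recently-created")
    return flags

if __name__ == "__main__":
    for rec in CANDIDATES:
        print(rec["domain"], whois_flags(rec, OFFICIAL))
```

No single flag proves cybersquatting; a privacy-protected registrant or a different registrar is common for legitimate domains, so the flags are meant to be read together, as the article does.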

* * *

The growing number of UDRP cases indicates that cybersquatting has become a pressing concern. That's why it's essential to stay on top of domain registrations that may interfere with your business, notably with tools such as Brand Alert API and WHOIS Lookup.
