Cyber attacks against your brand can be very damaging and costly to both your revenue and your reputation. Susan Prosser shows how you can resist, with the right tools.
In the World Intellectual Property Review 2012 Annual, we published an article, ‘Online Th reats to Your Brand: Defence on the Front Line’. Preemptive and proactive eff orts to defend your online brand were discussed.
No amount of eff ort is foolproof, however, and for most major brands it is a question of when, not if, you will have to respond to signifi cant and organised online fraud activity. In those cases, using available domain and Domain Name System (DNS) research tools, in combination with prevailing legal statutes, is the right response.
ACPA legal statute
The US Anticybersquatting Consumer Protection Act (ACPA) is designed to allow for prosecution of individuals or entities that register and profi t from domain nameswhich are confusingly similar to a company’s trademark(s). In a number of Federal cases companies have successfully defended their trademarks against cybersquatters using the ACPA as the backbone of their arguments.
In the June 30, 2008 case of Verizon California, Inc v Navigation Catalyst Systems, the defendant lost under the ACPA as the court determined that ‘domain tasting’ is a bad faith intent to profi t under the ACPA. It stated: “It is clear that their intent was to profi t from the poor typing abilities of consumers trying to reach the plaintiff ’s sites ... further, the sites associated with these names oft en contained links to products directly competitive with the plaintiff ’s cellphone and Internet businesses, potentially diverting consumers ...”
UDRP policy statute
Organisations looking for a quicker, easier defensive strategy can avail themselves of the Uniform Domain Name Dispute Resolution Policy (UDRP) that the Internet Corporation for Assigned Names and Numbers (ICANN) created to arbitrate domain name disputes in a cheap and effi cient manner. Note that the UDRP applies to most generic top-level domains (gTLDs) but does not apply to many country code top-level domain (ccTLD) extensions.
As the actor bringing the proceeding, it is incumbent upon you to prove three things to the panel of UDRP representatives:
• That the domain name(s) in question is confusingly similar to a mark that you have rights in;
• That the current domain registrant does not have any rights in the mark in question; and
• That the current domain registrant has used the domain name in bad faith. A UDRP win means you gain control and ownership of the domain name(s) in question, but there are no monetary or other damages awarded in a UDRP decision.
In the August 13, 2010, Juicy Couture, Inc v Huang Fengchu/Qin Xiao case, the respondent registered the domain name in question, which resolved to a website that displayed the complainant’s mark and sold counterfeit versions of the complainant’s products. The respondent failed to submit a response to the UDRP proceeding and, since the complainant satisfied the three proof elements listed above,the panel concluded that relief should be granted and ordered that the ‘juicycoutureusa. com’ domain name be transferred from the respondent to the complainant.
Defending your ground with powerful domain research tools
If you have fallen victim to a cybersquatter, here is what you should do to build your case:
• Do a Whois lookup. Discover all current ownership details, including individuals or companies listed, the registrar that holds the domain, the name servers, and more. This will give you a foundational understanding of who you are up against.
• Review Whois history. Find out how long the domain has been registered and used in fraudulent activities. Look at hosting history details as well to gather additional name servers and Internet protocol (IP) addresses that can be used in your case. If you come up against privacy protection issues in a Whois record, Whois history can be instrumental at uncovering that latest ‘real’ Whois data prior to the onset of the privacy records.
• Capture screenshot images of website home pages. This will provide you with dated evidence that illustrates content, including ads and images. This is particularly helpful in showing how the respondent created confusion with your customers or tried to profit from your brand or from selling your products on the sites in question.
"Once you have identified a bad actor it makes sense to keep an eye on it, the company, its name servers and its IP addresses."
Ongoing defensive safeguarding is also key in ensuring that your valuable trademarks and brands aren’t being targeted by criminals or bad actors:
• Uncover common typographical errors associated with any brand name. Use an online resource such as a domain typo finder tool. Discovering both registered and unregistered domains allows brands to take preventive measures and register available typo domains themselves.
• Be the first to know when someone registers a domain name. Use brand alerts to receive email notifications when any given term or phrase is used in a domain name registration. Taking action promptly on newly registered domains containing specific brand strings often results in quick resolution.
• Expose Whois record changes in domain names you already own. Receive an email notification via domain monitor alerts if anything changes with respect to your in-house domain names. Sometimes cybercriminals go after the domains you already own rather than the typos they can simply register themselves.
• Spot whenever a person or company registers a new domain. Use registrant alerts to receive email notification when a known perpetrator registers new domain names. Once you have identified a bad actor it makes sense to keep an eye on it, the company, its name servers and its IP addresses.
Using available domain and DNS research tools along with current legislation is the right plan to respond to significant and organised fraud activity. Taking the appropriate steps can safeguard your reputation, revenue and brand in the long run.
Susan Prosser is vice president of partner and industry relations at DomainTools. She can be contacted at: firstname.lastname@example.org
This article was first published on 01 September 2012 in World IP Review
udrp, acpa, cybersquatting, whois, online fraud