The law firm of choice for internationally focused companies

+263 242 744 677

admin@tsazim.com

4 Gunhill Avenue,

Harare, Zimbabwe

When Trademarks Attack: How To Detect And Disarm Doppelgänger Domains

Cybercriminals have a decided advantage when it comes to tricking the public. The human tendency to gloss over small, yet important, details like a misplaced period or an inverted set of adjacent letters can yield immeasurable value to these so-called typosquatters. Whether prompting speed-readers to head over to an unsafe website, or directing corporate insiders via email to transfer funds, doppelgänger domains continue to vex lawyers and security experts alike.

Although the increased reliance on web-searching (where a search term is run through a search engine) in lieu of typing in a specific web domain into an address bar has resulted in a diminished need for defensive domain name acquisition as far as web presence and accessibility, typosquatting (also called URL jacking), remains a vulnerability for phishing attacks against companies, according to Lesley McCall Grossberg, Counsel at BakerHostetler, who focuses her practice on IP litigation.

Grossberg believes that phishing attacks, by which an email is sent to company employees directing them to take action -– typically, wiring funds or providing credentials to accounts, predominantly impacts financial services firms and educational institutions most, as unsuspecting email recipients may be more likely to hand over personal or sensitive information if they believe it is being requested of them from their bank or university.

To best understand the impact of these exploits, it’s critical to understand the actors’ motivations. Typosquatting as an exploit is typically designed to compel any of the following objectives:

  • Sale of the domain back to the brand owner at a premium price
  • Creation of ad revenue from the site where traffic lands
  • Redirection of business to a competitor’s website
  • Commissions earned by redirecting typo-traffic back to the brand itself through an affiliate link
  • Passwords intercepts when visitors visit fake websites
  • Malware or adware revenue for illicit installs on visitors’ devices
  • Harvesting of e-mail messages mistakenly sent to the typo domain for valuable information
  • Dissemination of disinformation

Researchers at Godai Group who studied this issue profiled Fortune 500 companies and found that 30 percent were vulnerable to doppelgänger domain activity, detailing in their investigation that specialty retailers were the most susceptible to these exploits, followed closely by commercial banks and telecommunications companies.

The Legal Landscape

The Anticybersquatting Consumer Protection Act, enacted in 1999, first established a cause of action in the U.S. for intentionally registering, trafficking in, or using a domain name confusingly similar to, or dilutive of, a trademark or personal name. While the GDPR-induced recent policy changes of redacting private information from the ‘WhoIs’ domain registry has made identifying the registrant of a domain more difficult, an action for transfer of the doppelgänger domain name can be brought under the Internet Corporation for Assigned Names and Numbers (ICANN)’s Uniform Domain Name Dispute Resolution Policy (UDRP). Even if the registered domain name does not itself resolve to an active website, “using the disputed domain name as an email address to pass the registrant off as the complainant in a phishing scheme is evidence of bad faith registration and use, as required by under UDRP,” Grossberg said.

UDRP allows trademark holders to file a case at World Intellectual Property Organization (WIPO) for international violations. The complainant has to show that the registered domain name is identical or ‘confusingly similar’ to their trademark, that the registrant has no legitimate interest in the domain name, and that the domain name is being used in bad faith.

Organizations like the Commission Against Domain Name Abuse (CADNA), a nonprofit organization formed in 2007 to combat online infringement of brands and trademarks online across all top-level domains, represent the interests of companies in advocating for protections against these abuses.

Getting Ahead Of The Twinning Problem

Security and legal experts alike recommend several steps for mitigating doppelgänger danger. Be proactive and beat miscreants to the punch by purchasing and registering every conceivable doppelgänger domain before they do. Another approach that security experts recommend is configuring Domain Name System (DNS) servers to not resolve any doppelgänger domains to protect internal-only e-mail from being accidentally sent to a doppelgänger.

But just as important as the defensive measures, identifying whether bad actors are already using doppelgänger domains against your company interests is an important element of determining the right way to redress any future harms. Once identified, IP specialists and in-house attorneys are becoming adept at working aggressively to take down copycat domains filing under UDRP.

Gaining an understanding of whether attackers are abusing a company’s doppelgänger can be accomplished in a variety of ways. First, a company might learn first-hand of the use via its employees, customers, or a security company who investigates such security vulnerabilities in connection with a cybersecurity assessment. Second, there are companies that provide reporting around the existence of doppelgängers, such as KnowBe4.

For the protection of foreign domains, the Madrid System through WIPO, is an important element, allowing for a convenient and cost-effective solution for registering and managing trademark protection in up to 122 countries, with a single application and filing fee. It’s important to have that foreign trademark registration in place when trying to take down a domain associated with foreign domains.

Grossberg recommends that once a malicious use of a domain doppelgänger is identified in the U.S., a complaint should be made to the FBI’s Internet Crime Complaint Center (IC3). Another approach she finds effective is to follow up that complaint with a letter to the phisher, when possible, letting them know that a complaint has been submitted. The registration of international trademark rights has the added legal advantage of demonstrating additional evidentiary credibility when working through disputes at the IC3 level.

Finally, in yet another instance where the adage “see something, say something” pays valuable dividends, Grossberg believes, and cybersecurity firms like Nisos concur, that another critical component to solve this complex and vexing issue is to educate company insiders on identifying phishing attacks so that suspicious emails with doppelgänger attributes are immediately identified and forwarded to internal security teams for review, remediation, and referral to the legal department.


Jennifer DeTrani is General Counsel and EVP of Nisos, a technology-enabled cybersecurity firm.  She co-founded a secure messaging platform, Wickr, where she served as General Counsel for five years.  You can connect with Jennifer on Wickr (dtrain), LinkedIn or by email at dtrain@nisos.com.