Home / Blogs

Fighting Phishing with Domain Name Disputes

I opened an email from GoDaddy over the weekend on my phone. Or so I initially thought.

I had recently helped a client transfer a domain name to a GoDaddy account (to settle a domain name dispute), so the subject line of the email—“Confirm this account”—simply made me think that I needed to take another action to ensure everything was in working order.

But quickly, my radar went off. Something was amiss:

Phishing email not from GoDaddy

  • The “to” line was blank, which meant that I had been bcc’d on the email.
  • The sender’s name was “Go Daddy” (with a space that the Internet’s popular registrar doesn’t really have).
  • Although the body of the email contained the GoDaddy logo, the footer of the email referred to “Godaddy” (without a space but with a lowercase “D” that is not consistent with the registrar’s style).
  • Upon actually reading the email, I immediately noticed the multiple grammatical errors in the first sentence: “Our records shows your account details is incomplete.”

Because I was looking at the email on my phone instead of on a computer, I couldn’t readily identify the link behind the prominent “Verify Now” button. But later, once I was in front of a PC, I saw that the link was not to GoDaddy at all.

Fortunately, I didn’t click the link until now, as I am writing this blog post. At the moment, it leads to a web page that says, “This Account has been suspended.”

Phishing for Info

If I had clicked the link when I received the email, I suspect I would have been taken to a page that looked like GoDaddy’s website and would have been prompted to enter my username and password. Doing so, of course, would have disclosed that sensitive information to someone else—someone phishing for exactly that information—which would have compromised everything in my account.

Fortunately, as far as I know, I’ve never clicked on a phishing link—or, if I have, I’ve never disclosed personal credentials.

But phishing scams seem to be getting more common and more sophisticated. And if I—a savvy computer user and domain name attorney—have to think twice before not clicking on a deceptive link, I can only imagine how many other people (hello, Mom?) must actually click on those links without giving it a second thought.

I realize this is really not new. But it underscores the importance of domain name disputes and how companies can use the Uniform Domain Name Dispute Resolution Policy (UDRP) and other tools to combat phishing as a way to protect their customers.

Google’s Phishing Fights

Just days after my “GoDaddy” experience, I read a UDRP decision involving a complaint brought by Google for the domain name <web-account-google.com>. According to the decision:

Complainant [Google] argues that Respondent engages in a phishing scheme to obtain personal information for users…. Complainant claims that the login information contained on the resolving webpage [associated with the domain name <web-account-google.com>] does not actually function, but rather Respondent uses it to obtain personal information from users.

The UDRP panel had no problem finding that this conduct constituted “bad faith” under the policy, and that Google had satisfied the UDRP’s other two elements as well, and it ordered the domain name transferred to Google.

Screenshot of web page at www.web-account-google.com (captured September 5, 2017)However, as of this writing, the UDRP decision had not yet been implemented, so, naturally, I went to see what the web page looked like using this domain name, that is, the page at www.web-account-google.com. As the image here shows, the page mimics a Google website: It contains the Google logo along with a header that says (in French), “Sign into your Google account.”

Surely, any non-savvy or careless (or simply quickly moving) Internet user directed to this page could not be blamed for thinking that he or she had arrived at a real Google page. But anyone who entered his or her Google credentials would immediately be disclosing them to someone other than Google.

The consequences for any such victim could be tremendous, giving a devious person access to, among many other services offered by Google, sensitive and personal email archives.

Fortunately for Google—and its users—this phishing scam will soon come to an end when the UDRP decision is implemented.

Using the UDRP

The UDRP is a popular way to shut down some phishing scams. Indeed, nearly 1,500 domain name dispute decisions at the World Intellectual Property Organization (WIPO) and the Forum—the two most-popular UDRP service providers—refer to “phishing.”

Surely, the total number of phishing scams is far greater than the UDRP numbers reveal, given that many phishing scams are short-lived and disappear before a UDRP complaint can even be filed; some phishing scams don’t involve domain name disputes; and trademark owners simply don’t have the resources to pursue every scam.

I have no idea how many people fell victim to this fake Google website, but I can quickly see that Google had dealt with this same problem in plenty of other UDRP cases, involving such domain names as <gmaill.com>, <googledocs.net>, <gmailcustomerservices.com> and <google-spain.com>, to list just a few.

Of course, Google is just one of many trademark owners that have used the UDRP to shut down phishing scams. Other technology companies, banks, hotels, financial services firms, insurance companies, and many others have successfully invoked the UDRP to stop phishers from harming consumers.

So, too, has GoDaddy, which won a UDRP decision a couple of years ago for the domain names <service-godaddy.com> and <services-godaddy.com>, which were used as part of a phishing scheme.

While the UDRP will never eliminate phishing, it is obviously an important tool that trademark owners are using to protect their customers from deceptive scams.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Doug Isenberg, Attorney & Founder of The GigaLaw Firm

Learn more by visiting The GigaLaw Firm website. Doug Isenberg also maintains a blog here.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API