|
In this final article in our series of studies looking at Euro 2020-related infringements, we revisit domain name infringements and consider activity across other online channels, with a focus on social media and mobile apps.
Following the original study, which looked at domains registered before May 2020 with names containing “euro2020” or “euro2021,”1 we analyzed daily activity levels in the period immediately preceding and during the competition. As with the previous research, CSC made use of information from domain registry zone files to identify any newly registered and de-registered or lapsed domains with names containing variants of the competition name.
During the monitoring period, we identified 203 new domain registrations, plus 25 pre-existing registrations that had lapsed. The daily numbers of new domains are shown in Figure 1.
The analysis showed variable but continuing levels of activity throughout the period, but with average daily numbers of registrations somewhat higher prior to the competition than during it. This suggests that the registrants may have set up their sites early to maximise the length of time they could make use of them.
In terms of website content, many of the same types of sites identified in the first study continued to appear. At least 10% of the total of the newly identified examples again included the promotion of betting or gambling services, together with others featuring content relating to match streaming, ticket sales, or competition or prediction websites.
However, among the websites hosted on the domains registered after May 21, we observed a new set of trends:
The threat landscape is not restricted just to stand alone websites hosted on competition-specific domain names. We identified similar content on other channels, including social media and mobile apps. Figures 3 and 4 show examples of a range of content found in searches carried out in the final week of the competition. We also identified other types of potentially lower-threat content relating to Euro 2020 across the same channels, including:
While a subset of the findings in this study may be legitimate, much of the content we observed presents the potential for risk to customers and brand (trademark) owners, especially in cases where the material is not official or authorized. These include financial losses and reputation damage, and can be associated with phishing activity, the sale of counterfeit products, non-legitimate cryptocurrency schemes, fake gambling sites, distribution of malicious content, illegal distribution of copyrighted content, traffic misdirection, and the unauthorized use of brand terms or official imagery.
The range of online channels on which this content appears also highlights the importance of a holistic brand-protection service—encompassing both monitoring and enforcement—covering as many of these channels as possible. This is important not just because the different areas of the internet comprise different ecosystems in which the same types of issues can manifest, but also because there is so much overlap between these areas. Familiar examples might include mobile apps linking to eCommerce marketplaces, or social media profiles promoting standalone websites.
Even within a single online channel, it’s important for the coverage to be as comprehensive as possible. Where mobile apps are the area of interest, for example, a brand protection program should cover not just the main app stores like iTunes Google Play, etc., but also the myriad standalone APK sites where app files are available for download. This latter category of site can actually be a source of greater concern, since the apps offered here generally undergo less quality control, and are more prone to be unofficial, out-of-date, or associated with malicious content. Similarly for eCommerce, it’s important to consider not just the common, well known marketplace sites, but also to include an element of discovery within the monitoring, to identify previously unknown, standalone sites.
For some programs, or for monitoring associated with particular events, it may be prudent to cover the areas of the internet beyond those accessible using the standard techniques of search engine meta-searching, link crawling, domain zone file analysis, and direct site searching. Where phishing is a concern, CSC advises augmenting these services with a dedicated phishing monitoring program. CSC’s services use a combination of spam traps, honeypots, and other data feeds to find content that may not be identifiable through other routes2.
In the closing week of the Euro 2020 competition, a news story emerged in which an eCommerce site selling retro football shirts and merchandise was subject to a cyber attack where customer details were compromised. This led to a targeted email phishing scam where recipients were offered a cash-back bonus, to be claimed via a web form where they had to share their card details. The phishing emails used a typosquatted domain name—just one letter different from the official domain3. This case highlights not only how the types of targets for criminal activity can be influenced by external events, but also the importance of holistic monitoring. Domain monitoring and phishing detection can provide early warning of this type of scam.
The identified infringements associated with Euro 2020, as presented across our three articles1, 4, can have a number of victims. These include the owners of trademarks associated with the competition and teams, official partners and sponsors, and members of the public. They also highlight how a high profile event can drive criminals to focus their attention towards content and channel types receiving—albeit temporarily—increased levels of attention and web traffic. However, the Euro 2020 name is just one ephemeral example among an almost limitless range of brand names and ongoing events. Overall, these findings highlight the importance of continuous monitoring and enforcement, using a program approach that is flexible enough to change focus onto new areas of concern as they emerge and grow.
Sponsored byRadix
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byWhoisXML API
Sponsored byIPv4.Global
Sponsored byCSC