Category: Brand Protection

Update – How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand?

October 19th, 2011

The information below is an update to the following blog posting: How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand?

Trademark owners outside of the adult industry may sign up with ICM Registry to block trademarks from showing up on its new .XXX gTLD. Trademark owners have been making several common errors when applying for a .XXX gTLD.[1] If your company plans on submitting an application before the Sunrise B October 28, 2011 deadline, keeping these mistakes in mind can help you avoid paying multiple fees and having to reapply.[2]

How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand?

September 9th, 2011

The Internet Corporation for Assigned Names and Numbers (ICANN) has instituted a new generic top-level domain (gTLD) program that will create a means for prospective registry operators to apply for new gTLDs, and create new options for consumers in the market. Every domain name around the world ends with a top-level domain (TLD); these are the two or more letters that come after the last dot in a web address.

Social Media Policy: Not Optional

February 9th, 2011


Image reproduced with permission from Agent-X.

When Cyveillance cyber security experts speak at industry events and client meetings, the conversation almost inevitably turns to social media. Large businesses want to embrace social media websites like Facebook, Foursquare, and Twitter while avoiding the public relations blunders that social media sites easily make possible. Marketing departments see huge opportunities while legal and security departments foresee dangers and headaches on the way. Who is right?

Of course they are both correct. However, in order for both to be satisfied, a middle ground must be found. The question is how to find the balance between risk and reward. Finding that balance will vary for each organization but one thing is certain: no organization can afford to do nothing, hoping that common sense will prevent indiscretions by employees.

Here at Cyveillance we have seen far too many cases of employees disclosing confidential information online that should never reach the public. As Batman explains in the cartoon from Australian artist Agent-X above, some employees feel compelled to make unwise disclosures online. Indeed, one can find serious breaches of sensitive information with implications for national security without a lot of work.

So relying on the common sense of employees is not a very safe or wise strategy. At some point an employee will make a comment online that is not desirable from a PR or security standpoint. It happens sooner in larger organizations but inevitably it happens to most out there.

Worse, while such mistakes are never acceptable, some employees can honestly claim that they did not know they were not supposed to talk about work on their Facebook, Twitter, or other social networking sites. Sure, they should have known, but they have that defense because their employer never got around to developing a social media policy and educating their employees about it.

This is not breaking news. Many organizations, whether public or private, know they need a policy but are at a standstill while legal, marketing, IT, and security departments figure out who has what responsibilities. That is, if they’ve even had inter-departmental meetings on the topic to begin with.

The important thing is to have something in front of employees as soon as possible, calling it an “interim social media policy” if necessary. Tweak it as circumstances change, but do not wait idly in the meantime. Given the speed of communication through social media, no one can afford to wait.

If you’d like assistance developing social media policy for your organization, don’t hesitate to contact us. Cyveillance specializes in helping you minimize the damage that can occur to your organization by inappropriate disclosures of sensitive or confidential information on the Internet.

Typosquatting and Brand Owners; Comments from Ben Edelman

March 2nd, 2010

In mid-February Harvard researchers Tyler Moore and Benjamin Edelman posted their research on the prevalence of typosquatting, the practice of registering and monetizing domains that would likely only be visited by accident when internet users misspell the web address of legitimate websites. Among several findings in their work, titled Measuring the Perpetrators and Funders of Typosquatting, they report that 80% of typo domains lead to pay per click ads, and almost two-thirds of typo domains can be traced to just five individual advertisers using Google AdSense.

Edelman was kind enough to answer a few questions about their research.

Cyveillance: Your paper is premised on the idea that typosquatting unethically diverts traffic from legitimate online destinations. You open one of your paragraphs with the line, “Most large domain registrants present themselves as ‘domain parkers’ or domainers.” Some readers may be confused about your position on domaining as an industry. Can you clarify your stance on domaining in general?

Ben Edelman: I don’t see much genuine value coming from the domaining business. Yes, some users guess domain names, and domainers can cause results to be shown to users who might otherwise receive error messages. But most web browsers already show results that are at least as useful as domainers’ placeholders – often better, with genuine organic results rather than merely advertisements.

Meanwhile, domainers cause some important harms: For one, as detailed in my article, domainers deplete advertisers’ budgets. Domainers also make it more costly for entrepreneurs to obtain the domains required to run actual substantive businesses: A domain might truly be unclaimed, in the sense that no one has ever used it for anything interesting, but a domainer would nonetheless be able to withhold that domain from a would-be user until they agree on a price. Combine these harms with the remarkably widespread ongoing problem of typosquatting, as presented in my article, and the net value-add of domainers is far from clear.

Domainers will vigorously defend their right to advance-register large numbers of domains, as if this is some kind of moral entitlement. I’m not so sure. In many areas, landowners are (and, historically, have been) required to improve their property lest they be a blight or eyesore to others. The analogy here is less direct: Which domains are “near” an unimproved domainer domain? But certainly unimproved domains harm others, by impeding what could be direct navigations, and by driving up costs to others. Indeed, limits on domain purchases have ample precedent – dating back to Jon Postel’s early restrictions on how many domains a single person or entity could request, and similar restrictions in certain ccTLDs. At least as against domainers with thousands, tens of thousands, or even hundreds of thousands of domains, these ideas do ring true to me.

Cyveillance: In your attempts to collect information about the behavior of typosquatting domains, some websites prevented your systems from gathering information about them. Can you discuss which servers attempted to prevent your analysis? Are you aware of any direct or indirect response to your investigation on their part?

Ben Edelman: Google has pointed out that it will disable typosquatting domains in response to a trademark holder’s specific request. Indeed, but what about infractions that come to Google’s attention some other way, such as in my article or in a complaint from the general public? What about infractions that are readily apparent to Google, thanks to Google’s excellent semantic analysis software? Google does as little as it can – letting Google and its partners continue to profit as widely as they can. Once Google is on actual knowledge that a domain is a variation of a trademark – either because a member of the public says so, or because Google’s own software figured it out – I’d like to see Google avoid targeting ads to that domain. And there’s a strong case that that’s exactly the behavior that the ACPA requires.

Meanwhile, trademark holders have ample grounds to be angry. And reading my article, I believe a new set of trademark holders is remembering that there’s more they could do here.

Cyveillance: Many merchants make use of affiliates to promote their products and services on the internet. You mentioned that “Few affiliate merchants affirmatively allow typosquatting, and most disallow it when it comes to their attention.” What recommendations, if any, do you have for merchants in this situation? Why do you believe most do not prohibit typosquatting among their affiliates to begin with?

Ben Edelman: An easy first step is a specific contractual prohibition on affiliates registering or using typosquatting domains. But merchants then need to follow through on this prohibition by implementing effective, robust enforcement. And merchants would do well to penalize violators, including through litigation. Recall Lands End v. Remy, wherein Lands End sued several LinkShare affiliates who had used typosquatting domains to claim affiliate commissions they had never properly earned.

Cyveillance: Your article states that there are “two main uses for traffic diverted to typo domains: placing pay-per-click ads and redirecting to other (often competing) domains.” Both situations cost brand owners money. This may seem obvious, but just to be sure: which is worse for a brand owner in your opinion?

Ben Edelman: They’re both unlawful, and they’re both unacceptable.

Cyveillance: You conclude by offering that the parties with the most ability to reduce typosquatting are the ad platforms of Google and Yahoo. Do you expect to see either company modify its practices based on data like that found in your investigation?

Ben Edelman: I see the two main ways to compel ad platforms to change their practices: litigation and public outcry. Both are underway.

Cyveillance: Based on your research what advice do you have for brand owners when faced with the problem of typosquatting?

Ben Edelman: Trademark owners need not write off typosquatting as an unavoidable cost of doing business. Perpetrators are identifiable, and legal remedies are clear. In few other contexts do sophisticated companies sit back and let themselves get cheated. I don’t see why they’d want to do that here.


Many thanks to Edelman for taking the time to answer these questions.

Google Sidewiki: The Early Days

November 4th, 2009

In late September, Google introduced Google Sidewiki. Sidewiki is, simply put, “a browser sidebar that lets you contribute and read information alongside any web page.” Currently Sidewiki is only fully available in Firefox and Internet Explorer but it is expected that Safari and Google’s own Chrome browsers will be supported in short order.

The reaction in the online community to Google Sidewiki has been mixed. The consumers who are aware of Sidewiki seem indifferent or positive about Sidewiki but the reaction among brand managers, marketers, and some webmasters ranges from apprehensive to hostile. Certain industries like pharmaceuticals are watching especially closely as they hash out what types of legal responsibility they may have to report adverse drug reactions that are published in Sidewiki.

Of course, like any place online, if there is a place to present content, spammers will attempt to take advantage of it. As Danny Sullivan wrote, “not all comments are created equal”, and Google is aware that it must dedicate resources to handling Sidewiki “contributions” that are spam or even more dangerous to end users. Sidewiki, like blogs, forums, Twitter, and other harbors of user-generated content online, could be a viable medium for spreading malware online. The impetus is high for Google to successfully determine what Sidewiki contributions are not dangerous to end users.

Sidewiki spam created to drive traffic to pornography websites. Warning: adult language.

Digging a Little Deeper

In an effort to understand the adoption of Sidewiki, Cyveillance began watching the directory on Google.com where Sidewiki entries are being archived for users to view even if they do not have Sidewiki installed on their browser. Beginning on October 13, on a daily basis Cyveillance searched the directory where Sidewiki entries are stored by searching site:google.com/sidewiki/entry, and noting how many results Google said existed for these Sidewiki entries at the top of the page in the statement, “Results 1-10 of about (number)”.

A couple of caveats for the experimentally minded: the queries were not made at the same time every day, and were not always performed from the same geographic origin. However, they were done in both Safari and Firefox, while logged in to Google and logged out, to see if these made any difference in the results. The query was also performed from an iPhone for good measure. Here is a screen capture of the results for October 24th.

On October 24th, the directory of Google Sidewiki contributions contained 1,130 entries.

The number of results did occasionally differ depending on the browser used and whether the experimenter was logged in to Google when the query was made. However the differences were negligible and can probably be attributed to the query momentarily being routed to a different Google data center that was just a bit out of sync with others.

Number of Google Sidewiki entries over time when queried from Firefox while logged in to Google. (No query was made on November 17th.)

A couple of interesting details come from the above chart, which displays results returned when the site:google.com/sidewiki/entry query was performed in Firefox while logged in to Google.

  • The number of Sidewiki contributions appears to actually have decreased over time. This is surprising as the number would be expected to rise while more users contribute more Sidewiki edits.
  • The directory claims to be empty as of October 31. Since October 31, Google has returned the query saying there is nothing in that directory: “Your search – site:google.com/sidewiki/entry – did not match any documents.”

Why does it appear Sidewiki usage slowly decreased over time? Perhaps there was an initial rash of spammy or low quality contributions that were being culled from the results as Google tweaked its ranking algorithm for Sidewiki contributions. Still, it is surprising that (at least according to those results) there was a net loss of Sidewiki comments.

More importantly, where did the Sidewiki contributions go on October 31? They were not erased completely or put somewhere else like google.com/sidewiki/author. They still exist in the subfolder google.com/sidewiki/entry, as can be seen in this example, this example, and this example.

Did Google remove results from the subfolder google.com/sidewiki/entry by modifying its robots.txt file? A quick check of Google’s robots.txt file from October 31st has no mention of any sidewiki folder, so it is indeed intriguing why a query of the folder states there is nothing in there. (On October 31 there was a Halloween theme to Google’s robots.txt file but nothing excluding URLs from any /sidewiki folder.)

What Does It All Mean to You?

Luckily for brand owners, the surprising results are not likely to be the result of an intentional effort to make Sidewiki contributions hard to find, but rather a reflection of internal shuffling as Sidewiki is fine-tuned. One example of the tweaking that Sidewiki is undergoing can be found on the Sidewiki leaderboard pages, which currently have an “under construction” notice (you can see their earlier incarnation here). The service is just over one month old, and it is unrealistic to think that the way it is offered at the beginning will be the way it looks even six months after release.

In any case, Cyveillance recommends that enterprises be aware of Sidewiki in these early days and, moving forward, monitor closely what visitors are saying about their organization. It is one thing for someone to complain about your organization on their own blog, but it is another thing entirely for that person to be able to write whatever they want on what feels like your actual site. For the proactive types, you can also submit product ideas for Google Sidewiki, for example, where the push to make Sidewiki opt-in for websites (instead of automatically available for Sidewiki comments) seems to be a popular suggestion.

UPDATE November 5: It may be that the reason that Sidewiki entries were not appearing in search results for the query site:google.com/sidewiki/entry was because they added noindex, nofollow to the meta tags of those pages. However it appears they also added Disallow: /sidewiki/entry/ to their robots.txt file within the last 24 hours as well.
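The two mechanisms named in the update hide a page from a site: query in different ways, and the sketch below separates them. It is an added example, not part of the original post or any Google tooling; the robots.txt bodies, HTML pages, entry URL and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

# Constructed samples for illustration; not captured from google.com.
ENTRY_URL = "https://www.google.com/sidewiki/entry/example-id"
ROBOTS_BEFORE = "User-agent: *\nDisallow: /search\n"
ROBOTS_AFTER = ROBOTS_BEFORE + "Disallow: /sidewiki/entry/\n"
PAGE_PLAIN = "<html><head><title>entry</title></head><body>note</body></html>"
PAGE_NOINDEX = (
    '<html><head><meta name="robots" content="noindex, nofollow"></head>'
    "<body>note</body></html>"
)


class RobotsMetaParser(HTMLParser):
    """Collects directives from <meta name="robots" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "meta" and (attr.get("name") or "").lower() == "robots":
            for item in (attr.get("content") or "").split(","):
                if item.strip():
                    self.directives.add(item.strip().lower())


def meta_directives(html):
    parser = RobotsMetaParser()
    parser.feed(html)
    return parser.directives


def crawl_allowed(robots_txt, url, agent="*"):
    """True if robots.txt lets `agent` fetch `url` (prefix match on the path)."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    return rules.can_fetch(agent, url)


def index_status(robots_txt, html, url):
    """Explain why a URL would or would not show up for a site: query."""
    if not crawl_allowed(robots_txt, url):
        # A blocked crawler never downloads the page, so it cannot read
        # any meta tag on it.
        return "not crawled: robots.txt disallows the path"
    if "noindex" in meta_directives(html):
        return "crawled but dropped: meta robots noindex"
    return "crawled and indexable"


if __name__ == "__main__":
    for label, robots, page in (
        ("no rule, no meta tag", ROBOTS_BEFORE, PAGE_PLAIN),
        ("meta tag only", ROBOTS_BEFORE, PAGE_NOINDEX),
        ("Disallow and meta tag", ROBOTS_AFTER, PAGE_NOINDEX),
    ):
        print(f"{label}: {index_status(robots, page, ENTRY_URL)}")
```

The middle case matches what the post observed: a robots.txt with no sidewiki rule, yet an empty result set.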

Scads hurt everyone.

September 19th, 2008

What is a “scad”? Scads are deceptive sponsored search results that usually appear at the top and along the side of a web page. Deceptive sponsored search results (scam ads or scads) happen when advertisers misrepresent themselves by using brand names they aren’t affiliated with or authorized to use. This unauthorized use of a well-known brand can lead to consumer confusion, lost brand equity or worse.

Studies have shown that the majority of online consumers, over 90%, do not recognize the difference between a paid search result and a natural search result. While most online advertising using another company’s trademark is fairly innocuous and may eventually lead a consumer to a corporate website, many divert traffic away from the intended location.

Some online ads even go beyond simple brand misuse to blatantly deceptive ad language and positioning. In some cases, the purpose of the scad is to commit identity theft. By positioning bogus, or easily compromised, reservation or purchase pages criminals can easily capture personal credentials for illegal use. Even more alarming is the presence of malware. It has begun to appear in the underlying URLs of some advertisers; the exact rate of malware presence is unknown.

Recently, Cyveillance gave official support to an organization focused on combating this form of bait-and-switch and educating consumers. The Alliance Against Bait and Click (AABC), www.stopscads.org, launched in late July 2008 with the purpose of educating the average consumer about scads and ways to combat them.
The AABC is comprised of a diverse group of leading experts, organizations, and companies working together to stop bait and click and to make deceptive sponsored search results a thing of the past. Currently, many of the member organizations come from the hospitality industry, but the group is quickly expanding to others that are sensitive to this issue. If your company is interested in joining, watch for upcoming meetings on the subject.

Cyveillance has long been aware of these scams and continually educates our clients about this form of brand dilution and traffic diversion. For several years now Cyveillance has offered a Paid Placement Monitoring Solution to assist clients in identifying individuals or companies who bid on their trademarks and/or are using their brand without authorization.

For more information on Cyveillance or the AABC, please contact your Cyveillance Analyst or visit the AABC website at www.stopscads.org.

Domain Registration Scam picks up in volume

September 9th, 2008

Cyveillance has recently observed an increase in the volume of spam email related to a domain registration scam. This scam typically targets individuals in Fortune 500 companies and attempts to create a sense of urgency around the need to register country code top-level domains (ccTLDs) before a fictitious holding company purchases them, making them unavailable. Many of the ccTLDs we have seen include:

• net.cn
• org.cn
• hk
• tw
• com.tw
• asia

The scammers portray themselves as good corporate citizens by informing companies of the registration inquiry. However, we know better. Their agenda is to try to entice the target company to register the Asian domains quickly at an artificially high rate.

Cyveillance recommends the following actions if/when someone in your organization receives one of these emails.

1. Follow your company’s Domain Registration Policy. If you would like to own any of the domain names listed in the scam email, contact a reputable registry to purchase these domains through your normal channels.
2. Delete and ignore the messages as you do with conventional spam. You are not required to take any action, so do not respond or engage in negotiations with the scammers at all.
3. It is still your trademark/brand and you have a right to defend it. You should not be extorted into buying domains prematurely. If any of the domains listed in the emails are ever registered by companies that do not have a relationship with you, you have the right to send Cease & Desist letters or to engage in the UDRP process to recapture that domain.

Shown below is just one example of the emails received.

From: xxxxxxxxxxxxxxxxxxxxxxxxxx
Sent: Wednesday, August 20, 2008 5:18 AM
To: xxxxxxxxxxxxxxxxxxxxxxx
Cc: Platinum Card Mailbox
Subject: xxxxxxxxxxxxxxxxx Domain Names

Dear CEO,

We are SK Net Service Company Ltd, which is the domain name register center in China.I have something need to confirm with you.
we have received an application formally,one company named “MAIRHK Holdings Limited” applies for the domain names
xxxxxxxxxxxxxxxx.net.cn
xxxxxxxxxxxxxxxx.org.cn
xxxxxxxxxxxxxxxx.hk
xxxxxxxxxxxxxxxx.tw
xxxxxxxxxxxxxxxx.com.tw
xxxxxxxxxxxxxxxx.asia
and the internet Brand Name(xxxxxxxxxxxxxxxx)on the internet Aug 19, 2008. We need to know the opinion of your company, because the domain names and keywords may relate to the usufruct of brand name on internet.
we would like to get the affirmation of your company, please contact us by telephone or email as soon as possible. Please let someone in your company who is responsible for trademark or intellectual right contact me freely.

Best Regards,

Rock.Tian
Sponsoring Registrar:
SK Net Service Company Ltd
Add: 3A, Units 20/F, Far East Consortium Bldg,
121 Des Voeux Road, Central, Hong Kong
Tel: +852-3075 9838
Fax:+852-3177 1510 +852-3177 1520
website:www.sknetservice.hk
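
A mail-filter heuristic for the pattern described in this post, as an added example that is not Cyveillance's own detection logic: it flags a message when one brand label appears under several of the suffixes listed above and the wording matches the sample email. The thresholds, phrase patterns, function names and both sample messages (using the placeholder label "examplebrand") are constructed assumptions.

```python
import re

# Suffixes the post lists as typical for this scam.
SCAM_SUFFIXES = ("net.cn", "org.cn", "com.tw", "hk", "tw", "asia")
DOMAIN_RE = re.compile(
    r"\b([a-z0-9-]+)\.(" + "|".join(re.escape(s) for s in SCAM_SUFFIXES) + r")\b"
)
# Wording patterns modelled on the sample email in the post.
PHRASES = {
    "third_party_application": r"appl(?:y|ies|ied) for the domain names?",
    "claims_registrar": r"domain name regist(?:er|rar|ration)",
    "urgency": r"as soon as possible|urgent",
    "asks_for_trademark_contact": r"responsible for trademark",
}

# Constructed messages; "examplebrand" stands in for the redacted brand.
SCAM_SAMPLE = (
    "Dear CEO,\n"
    "We are the domain name register center in China. We have received an\n"
    "application formally, one company applies for the domain names\n"
    "examplebrand.net.cn\nexamplebrand.org.cn\nexamplebrand.hk\n"
    "examplebrand.tw\nexamplebrand.com.tw\nexamplebrand.asia\n"
    "Please let someone in your company who is responsible for trademark\n"
    "contact me as soon as possible.\n"
)
BENIGN_SAMPLE = (
    "Reminder: examplebrand.hk is due for renewal next month. "
    "Please renew through the usual registrar account.\n"
)


def suffix_fanout(text):
    """Map each second-level label to the listed suffixes it appears under."""
    seen = {}
    for label, suffix in DOMAIN_RE.findall(text.lower()):
        seen.setdefault(label, set()).add(suffix)
    return seen


def assess(text, min_suffixes=3, min_phrases=2):
    """Flag only when the suffix fan-out and the wording both match."""
    fanout = suffix_fanout(text)
    label, suffixes = max(
        fanout.items(), key=lambda kv: len(kv[1]), default=(None, set())
    )
    lowered = text.lower()
    hits = sorted(n for n, pat in PHRASES.items() if re.search(pat, lowered))
    return {
        "label": label,
        "suffixes": sorted(suffixes),
        "phrases": hits,
        "flag": len(suffixes) >= min_suffixes and len(hits) >= min_phrases,
    }


if __name__ == "__main__":
    for name, msg in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, assess(msg))
```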

Google Policy Change Impacts UK Brand Holders

April 11th, 2008

Beginning May 5, 2008, Google will no longer protect brand holders against competitors bidding on their trademarked terms in pay-per-click advertising. Previously, Google Adwords policy allowed trademark holders to eliminate the unauthorized use of their trademarks as bid terms by competitors. Brand Republic has the story here.

At best, the policy change will increase bid prices requiring advertisers to pay more for ads triggered by their own marks. At worst, the policy may result in more widespread customer diversion as well as increase fraud-related activity that uses pay-per-click as the attack vector.

Not Your Father’s Oldsmobile

April 1st, 2008

It appears that the recently retired Oldsmobile brand will soon return as a Japanese car. Even more surprising, Toyota was able to obtain the rights to the Olds brand because GM failed to process the appropriate paperwork to re-register the brand name. Read about it here.

There can’t be an easy way to tell your boss that you just lost a 100+ year old brand to a procedural error. On the positive side, Oldsmobile may now see their reliability ratings soar.