Cybersquatters launch 10,000 attacks a week on top brands

Top brands face up to 10,000 "brandjacking" incidents a week from cybersquatters who are trying to pass off fake sites as genuine, according to new statistics from researcher MarkMonitor.

The direct cost of removing each one using a Uniform Dispute Resolution Policy process at ICANN, the top internet domain registry, is around £4,000 per incident. Legal fees can add thousands per incident.

Fortunately, relatively few people are responsible for most of the brandjacking, said Charlie Abrahams, vice-president and general manager of MarkMonitor. This allowed companies to identify the individuals behind the scams and to get a blanket injunction against them, he said.

"These guys are very organised and very sophisticated," Abrahams said. He said some are using obscure but legitimate domain registries such as .cm (Cameroon) or .co (Colombia) to register generic and brand names like sex.co or sex.cm or Coke.co. They hope to catch people who misspell the URL they really want or that search engines will deliver the "wrong" link together with the legitimate site.

They also set up automated watch lists to see when a legitimate domain name comes up for renewal. They hoped to re-register it in their own name before the real owner renewed it, Abrahams said.

Abrahams said CIOs needed to put their names on to auto-renewal and ensure that all their websites were registered in their employer's name. "It is surprising how many domain names for large brands are registered to former IT managers or website developers," he said.

Abrahams said the study is based on MarkMonitor's investigation of brandjacking incidents at 32 of Interbrand's Top 100 brands. The study found cybersquatting up by one-third over last year, and phishing attacks against retailers quintupled.

With cybersquatting, a non-brand owner registers as his own a well-known brand or a domain very close to or simply misspelled. This is by far the most common form of brandjacking, said Abrahams. Others include false association, domain kiting (using a domain name until the internet's domain name servers know who the rightful owner is), pay-per-click fraud and phishing, among others.

The study found 382,000 incidents of cybersquatting, 73,000 cases of false association, and 27,000 pay-per-click frauds. But there were bright spots. Paid search abuse halved, which meant there were also fewer objectionable pop-up advertisements and e-commerce abuses, Abrahams said.

Abrahams said more brands are under attack. Abuses aimed at motor vehicle makers were up 83%, with 95,000 in the last quarter of 2007 alone. There were two-thirds more attacks on food, beverage and other consumer packaged goods targets, while attacks on clothing brands were up 50%.

Traditional targets such as banks and media companies were up 23% and 38% respectively, the study found.

Abrahams said the US hosted most brandjacking sites (68%), followed by Germany (9%), the UK (4%) and Canada (4%).