Internationalized Domain Names and Homograph Attacks
With normal spoofing a scammer tries to get personal information by sending fraudulent emails masquerading as an official website an individual might be working with. While some fall for the deception, many know better since the domain name in the email doesn’t resemble the domain name they usually use to access whatever site. However, what happens if a domain name looks exactly like an official website?
This, in combination with a more ‘professional’ email, could trick someone into giving away all of their personal data. And when this happens they will eventually become victims of identity theft. But, how can a scammer acquire a domain name that looks official? It’s through the unfortunate practice of the homograph attack.
What is a homograph attack? A homograph attack is when a person makes an internationalized domain name, (also known as an IDN), look like a traditional domain name associated with a popular website. They are able to do this because of the way internationalized domain names work. Basically, internationalized domain systems use a different type of coding system than the ASCII-based domain names Americans are used to.
However, even with a different coding system, some languages have characters that look similar to characters used in American English. Scammers exploit this by taking these letters and creating domain names that look ‘new’ to browsers and servers, at least in terms of coding. To the human eye, these fraudulent domain names appear to already be taken, which is exactly what a scammer wants. They cause further confusion by creating sites that look pretty much like the sites associated with the original domain name that the scammers are spoofing.
Before and even after internationalized domain names became popular, homograph attacks were expressed through spoofing just English characters. Scammers exploited the visual similarities between ‘O’ and ’0′ or ‘I’ and ‘l’. Examples include ‘G00Gle.com or ‘PayPaI.com.’ If a person is not paying attention, they could still become victims, but at least these types of domain names still look unusual. With internationalized domain name homograph attacks, the above-mentioned websites could look just as they are supposed to, fooling even the most vigilant Internet user.
So, how can a person prevent becoming a victim of an internationalized domain name homograph attack? First, they should never click on any domain name that is given through an email. Instead, they should enter the domain name manually into their browser. In situations where one is working with a third-level domain that could be harder to remember, Internet users need to copy and paste the domain name into Notepad. This program will help them determine what character set and coding is being used for the domain name. If it’s not English and ASCII, a person should be weary.
In conclusion, internationalized domain name homograph attacks can cause a lot of havoc for Internet users. However, Internet users should find comfort in the fact that while they do need to be aware of the presence of the homograph attack, the traditional method of spoofing which is much easier to spot tends to be more common. This is because a person must be both clever and lucky to land an internationalized domain name that looks that much like a domain name that is already in use. It’s much easier for scammers to try and fool people through email hyperlinks.
After several minutes of pondering and looking at keyword analyzers, you find the perfect domain name for your new website. You see if it is available through your desired domain name company. When you find that it is, you get excited because it seems that it is going to be quite profitable for your site. So, you sign up for it, thinking that it is up for grabs, since your domain name company has said it is available.
Then after a few months you get correspondence from an attorney saying that your new domain name has violated another company’s trademark. You are now stuck with a potential legal battle that could cause you to lose your domain name, your reputation and maybe even worse. Fortunately, with domain name arbitration, there’s a chance you can get out of such a situation and avoid any possible legal consequences.
What is domain name arbitration? It is a process in which the complainant and the original holder of the domain name try to work out a reasonable agreement as to who actually has the rights to the domain name in question. The arbitration in itself is done through the Uniform Domain Name Dispute Resolution Policy, (also known as UDRP). This is a special arbitration method set forth by the ICANN (Internet Corporation for Assigned Names and Numbers) organization. It is used for most domain name disputes, because it is cheaper and less time-consuming than ‘traditional’ litigation.
In order to initiate a domain name arbitration proceeding, a webmaster must go through a provider that has been approved by ICANN to handle such disputes. Once the arbitration begins, the provider will first determine if the complainant has merit in their claim. They will do this by evaluating whether the domain name in question is similar to a trademark or domain name set forth by the claimant.
They will then determine what rights the claimant has to the title along with whether or not the domain was chosen accidentally or with the intention of taking advantage of the claimant’s brand popularity. If it is found the domain name was chosen in bad faith, rights to it will be granted to the claimant. Otherwise, the original owner will retain possession of the disputed domain name.
If either party is not satisfied with a domain name arbitration proceeding, they can challenge the findings in a regular courtroom. An example of this happened with Robert De Niro, when he tried to claim the rights to any domain name containing the phrase ‘Tribeca.’
In conclusion, domain name arbitration is a great alternative to avoiding taking a domain name dispute into a courtroom, at least initially. There is the option to go to court if either side feels an arbitration isn’t fair. Yet, for most webmasters, the decisions made by the UDRP panel are good enough for them, since getting their consul is a lot cheaper than going to a judge.
Many webmasters erroneously believe that just because their domain name registrar says a particular domain name is ‘available’ that it truly is. This is not necessarily so. Even if a domain name is physically available, it may not legally be open for use. Why? It’s because there might already be a company that has the rights to the keywords used within the domain name.
If this happens yet the webmaster claims the domain name anyway, they are at risk of losing it through a domain name arbitration proceeding. They could even be charged with trademark/copyright infringement if things get really ugly. For this reason it’s best to make sure the keywords used in a domain name aren’t protected for someone else. This article will explain how webmasters can make such a determination.
First, webmasters need to check and see if their chosen domain name resembles any existing trademark that is on the books. They will want to do this before actually investing any money in the domain name. To search existing trademarks, webmasters can visit the website of the U.S. Patent and Trademark Office which is USPTO.gov. From here they can search a database that contains current trademarks as well as those that are pending.
If a domain name is similar to a registered or pending trademark, webmasters need to evaluate whether the domain name is still worth taking. Usually, if a site is not selling the same types of merchandise or services that the other business is selling and the trademark is not popular, a webmaster probably won’t get into legal trouble if they decide to go on and register the domain name. To be completely sure, webmasters can run the domain name by a trademark attorney. It shouldn’t cost too much for an hour consultation.
Of course, if a webmaster would prefer zero percent risk, they can simply try to think of another domain name. When they go about doing this, they need to be more generic and less creative in what they come up with. Using search engine keywords for a domain name is one such strategy. Webmasters can also look into using dictionary terms. If all else fails they can take a generic term and combine it with a term that is less likely to be taken, such as their first and last name.
Either way, once a suitable domain name has been chosen, webmasters should consider getting it trademarked themselves, especially if they are using it to help brand their business. With an official trademark, a webmaster has more legal power should another company try to take them to court. And since there’s no shortage of domain name bullies, (companies that try to steal profitable domain names from smaller enterprises), a webmaster should use all legal avenues available to protect the rights of their business.
In conclusion, by checking whether or not a domain name has keywords that are part of a trademark, webmasters lessen the risk that they will have legal problems in the future. If there are problems, and a domain name arbitration proceeding does not rule in a webmaster’s favor, they can turn to The Domain Name Rights Coalition.
