Homograph attacks call for stronger trademark protection

Homograph attack, domain spoofing, using a counterfeit domain - no matter what you call it, this sophisticated form of phishing is bad news for trademark owners, brands, and users. In a nutshell, here's how it works.

Internationalised domains have made it easier for cybercriminals to register counterfeit domain names which look similar to authentic domains. Using non-Latin Unicode characters – like those found in Cyrillic and Greek scripts – bad guys register domains which, at first glance, look like a real domain used by a business or company. Users are fooled by the domain, click on it, and sent straight to a phishing website designed to collect their personal details, download malware, or both.

Here's an example of how easy - and deceptive - this practice is. Https://www.аpple.com appears to be a normal URL, directing users to Apple’s site, but it's a counterfeit. The “a” in "Apple" is the Cyrillic “a”, not the Latin script “a”. Many wouldn't even notice the difference. (Don't worry. If you click on this link, Google will send you an error message showing that the site can't be reached.)

When a trademark gets into the hands of cybercriminals wanting to trick users, severe harm will be done to a brand's reputation, site traffic and, consequently, bottom line. (See our previous post for more on how an IDN homograph attack puts your brand’s reputation at risk.)

But, now, DPML can be used to block domain name variants which rely on these scripts. This new update to DPML comes at no extra charge and is available to customers with a new or existing DPML subscription.

How does DPML work?

In case you’re unfamiliar with DPML, it is a service which provides trademark holders with greater online brand protection, protecting any trademark registered with the TMCH (Trademark Clearinghouse) from being abused by cybercriminals. DPML will protect the TMCH registered trademark by blocking trademark variants from being registered across all Donuts gTLDs, now numbering over 240. The block is valid for up to ten years.

If you register, for instance, “EXAMPLE” with the TMCH, you can purchase a DPML to block “EXAMPLE123”, a variant which contains your trademark in its original form - which is important to note. You can only purchase a DPML block for a variant which includes your trademark in its complete form. So you couldn’t block, say, “EXAXXXMPLE” or “EXAYYYMPLE”.

More specifically:

• DPML can only be applied to strings matching the strings in the TMCH.

• Your registered TMCH trademarks must remain current. DPML protection will end once your TMCH registration expires.

• DPML will not block a domain that is already registered. And once the registration expires, the DPML block will automatically be reinforced so as to prevent the name from being registered by the public.

• In rare occasions, DPML blocking is not applicable. For instance, it is not applicable to domains which have been classified as premium.

• The WHOIS directory will show you if a DPML block already exists for a specific domain and, if one has been applied, only trademark owners with a matching trademark can unblock it. So, for instance, if “EXAXXXMPLE” in Spain and “EXAXXXMPLE” in France have matching trademarks, one can unblock the other’s individual domain.

Homograph attacks pose a significant risk to brands

With homograph attacks a growing problem, the need for brand protection has never been greater. DPML with homograph attack protection provides trademark owners added assurance that their brands aren’t being abused online.

Protect your brand from malicious intent with DPML, available through EuroDNS. Our Sales team is available to answer any questions or help you get set up: +352 263 725 250 or sales@eurodns.com.

photo credit