A negative side of the internet is the multitude of websites set up to act in bad faith. This article explains the different types of rogue sites, and how to fight against them.
Note to readers: There may be some discrepancy between different IP authorities on the exact definitions of rogue websites and other terms used in this article.
Rogue websites are sites that are set up for malicious or criminal purposes. This includes counterfeit-selling sites, typosquatters and cybersquatters.
Imitation websites work by trying to deceive consumers into believing they’ve arrived at the real website or an associated outlet of a particular brand. This is done by widely copying the brand’s trademarks, layout of the website, product listings and so on. Once the visitor reaches the page, they are then met with counterfeit copies of the authentic company’s products and services.
Similar to imitation websites, a bait and switch operation concerns fake sites which sell or provide a product or service that the authentic company also sells, but which don’t necessarily attempt to fool the customer into thinking they’ve arrived at the company’s real website.
Example: A huge number of variations on apple.com lead to websites that offer cheap mp3 music downloads, but instead charge users for access to illegal file-sharing and torrenting communities and software.
Cybersquatting refers to the practice of claiming domain names in order to take advantage of trademarks belonging to someone else, and typically to use those domains with bad-faith intent.
There are two key ways that cybersquatters seek to profit from their practice. Primarily, they look to sell the domain back to the legitimate trademark holder. The other strategies used, if the domain can’t be sold, are to drive traffic away from the sites of the authentic brand, or to simply use the authentic branding to offer other products and services. Considering how cheap it is to purchase and maintain a domain in today’s world, and how important branding is to many companies, there is a lot of profit to be made from domain resale.
Example: Websites including whitehouse.com and madonna.com were registered by Dan Parisi, who took advantage of the often-searched websites and created adult websites on each of the domains. The rights to madonna.com were granted to pop singer Madonna after a court case, but whitehouse.com has seemingly remained in Parisi’s hands and is repurposed periodically.
A common tactic used by cybersquatters is to monitor lists of newly abandoned or expired domains, and to quickly claim them before the authentic brand can undo their mistake. Especially for smaller companies, or ones which aren’t very tech-savvy, having a domain expire and slip from control is an easy mistake to make, and one that can cost a company greatly to correct.
Typosquatting is the practice of registering new domain names which are similar to those of well-known brands, but which contain common typing or spelling errors. Once the domain is claimed, typosquatters then have a number of strategies to profit from the domain, including those listed previously.
A study carried out by Naked Security tested thousands of spelling and typing error variants of popular websites, and calculated how many of the total possible variants, out of many thousands, had been claimed by typosquatters. The results were as follows:
This staggering number of claimed domains is indicative of the profitability that typosquatters enjoy within their operations. Interestingly, the study also showed that malware was extremely uncommon in typosquatting and that offering advertising, IT services, search functions and adult services are far more common, and less likely to be targeted by law enforcement or brand protection services.
Domain name speculation refers to buying and controlling potentially lucrative domains, for the sole purpose of reselling them later for a massive profit. This differs from cybersquatting, however, as the terms used are generic, and don’t infringe on trademark or other intellectual property. As a result, domain name speculation is not an illegal practice, and is practised openly online.
Example: Men.com is said to have been sold for around $1.3M.
A final, light example of rogue websites is joke sites. These are created to parody, or “troll”, the authentic brand, and are made with humorous intent.
Example: The parody of PETA (People for the Ethical Treatment of Animals), an animal rights activist organisation. Peta.com had been established as the group’s official website, but the group had not claimed the peta.org domain. So, peta.org was bought by Michael Doney in 1995, and was set up as People Eating Tasty Animals. PETA took Doney to court and won the rights to the website, though not to reparation of damages.
The best protection against rogue websites is pre-emptive. Consider registering variations of your website based on a number of differences, such as:
Registering the most obvious domain variations for your own brand will hugely affect the profitability of cybersquatters, while only costing a few extra dollars per year. It is considerably simpler and less time-consuming to protect a domain this way than to wait until rogue websites target your brand and buy up available domains in order to profit from your protected trademarks. However, even a tech-savvy company that follows this advice may find itself with rogue websites affecting its brand, so it’s also important to know what to do next, once this becomes a reality.
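As an added example (not part of the original article or any Red Points tooling), the Python sketch below builds a defensive-registration checklist for a brand domain by enumerating common typing mistakes and comparing them with the names the brand already owns. The mistake classes, the simplified same-row QWERTY model, the TLD shortlist and the names `typo_variants` and `registration_gaps` are all assumptions made for illustration.

```python
# Added example: typo variants of a brand domain for defensive registration.
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
ALT_TLDS = ("com", "net", "org")  # assumed shortlist; extend for your markets


def _neighbours(ch):
    """Keys directly left/right of ch on the same QWERTY row (simplified model)."""
    for row in QWERTY_ROWS:
        i = row.find(ch)
        if i != -1:
            return row[max(i - 1, 0):i] + row[i + 1:i + 2]
    return ""


def typo_variants(domain):
    """Map each variant of 'label.tld' to the kind of mistake that produces it."""
    domain = domain.lower()
    label, _, tld = domain.partition(".")
    if not label or not tld:
        raise ValueError("expected a domain of the form label.tld")
    out = {}

    def add(new_label, kind, new_tld=tld):
        candidate = f"{new_label}.{new_tld}"
        # Skip the original name, empty labels and labels with an edge hyphen.
        if candidate != domain and new_label and "-" not in (new_label[0], new_label[-1]):
            out.setdefault(candidate, kind)

    for i, ch in enumerate(label):
        add(label[:i] + label[i + 1:], "omission")
        add(label[:i] + ch + label[i:], "doubling")
        if i + 1 < len(label):
            add(label[:i] + label[i + 1] + ch + label[i + 2:], "transposition")
        for n in _neighbours(ch):
            add(label[:i] + n + label[i + 1:], "adjacent-key")
    for alt in ALT_TLDS:
        add(label, "alt-tld", alt)
    return out


def registration_gaps(domain, owned):
    """Variants not yet in the brand's own portfolio, sorted for review."""
    owned = {d.lower() for d in owned}
    return sorted(v for v in typo_variants(domain) if v not in owned)


if __name__ == "__main__":
    # Constructed portfolio: the brand already holds two defensive names.
    for name in registration_gaps("example.com", {"example.net", "exmaple.com"}):
        print(name)
```

The output is a candidate list to prioritise, not a complete inventory; vertical key neighbours, homoglyphs and hyphenated forms are outside this simplified model.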
At Red Points, we often deal with clients who have become targets of all types of rogue websites. We’ve outlined our process below, which we recommend you follow if rogue websites attacking your brand begin to appear.
First – send a cease and desist (C&D) letter to the contact listed on the page. If there is no contact listed, which is an unsurprisingly common occurrence, find the registrant of the website and send the C&D to them.
Next – using a tool like BuiltWith, find the Content Management System (CMS) that the site is working with and send a C&D to them. Examples of such services include Shopify, Amazon and Google.
Finally – if neither of the previous steps has worked, find whoever is hosting the rogue website and send a personalised C&D to them. Domain hosts are usually very compliant, and have a big responsibility to adhere to IP law.
If none of these steps result in the rogue website being removed, we urge you to get in contact with us at firstname.lastname@example.org, and we will be happy to help.