The world of online brand protection is unpredictable and ever-changing, and no one could foresee the sustained impact of a global pandemic on infringement rates and cybersquatting cases. Cybersquatting is the practice of registering, trafficking in, or using a domain name wi
th the bad-faith intent of profiting from the goodwill of someone else’s trademark. WIPO created the UDRP in 1999, and is the global leader in case administration services.
To explore this evolving landscape, the Brand Safety Alliance spoke with Brian Beckham from the World Intellectual Property Organization (WIPO) Arbitration and Mediation Centre to discuss the evolution of domain name disputes, particularly the impact of the COVID-19 pandemic and the increasing sophistication of cybercrime. Based in Geneva as the Head of WIPO’s Internet Dispute Resolution Section that operates the widely adopted Uniform Domain Name Dispute Resolution Policy (UDRP), Brian is a highly regarded industry veteran and a regular attendee and speaker at a range of trade events including INTA and ICANN meetings.
The COVID-19 pandemic served as an unexpected catalyst for cybercrime. While many brand owners had to drastically cut budgets and many predicted a downturn in enforcement activity, Brian notes, “we were slammed with cases because everybody went online.”
This mass migration to e-commerce, e-learning, remote work, and communications created a fertile ground for infringements, leading to a surge in cases for WIPO in recent years and a sustained high level of malicious online activity.
The nature of online threats is also becoming increasingly sinister. When Brian joined WIPO in 2007 as a case manager, it was the heyday of pay-per-click advertising. Moving beyond petty annoyances, Brian says a significant portion of cases now involve outright illegal enterprise – by some estimates almost a quarter of cases nowadays.
“That might be fake invoicing, identity theft, fake login pages, phishing, scamming people’s credentials, or other malicious behaviour.”
A particularly worrying trend is the targeting of internal company systems. Cybercriminals have begun registering domain names that mimic internal login portals (e.g., hr.company.TLD or benefits.company.TLD) to steal employee credentials in an attempt to gain access to systems. This form of ‘corporate sabotage’ is a relatively recent development in terms of dispute cases, with some arising in the last couple of years.
Brand owners are struggling to keep up with these threats. Limited budgets force them to make tough choices about which infringements to pursue and some may only have the resources to address a fraction of what they detect. The situation is further complicated by the difficulty in assessing the true risk posed by newly registered domain names.
“No one is immune to this,” says Brian.
“We get a lot of filings from companies in the financial services and IT services industries, but no one sector is being targeted at the exclusion of others.”
“There are also domain name registration trends that follow events in the news.” For example, in the past year or two, many brands have faced cybersquatting in the .AI ccTLD given the rise of Artificial Intelligence products.
The emergence of artificial intelligence (AI) is also a game-changer in another way. Cybercriminals can now conjure up convincing websites with alarming speed. As the tools become more widespread and sophisticated, brand owners face greater challenges in detecting and combating malicious activities.
Brian champions the need for proactive measures to combat cybercrime. With another round of new TLDs on the horizon, WIPO and the ICA have convened a group of experts to explore options to adapt the UDRP to be quicker and cheaper in addressing certain types of fraud cases.
“One of the big questions that comes up is, does the UDRP continue to scale when cyber criminals have cheap AI tools at their disposal?
“Then the natural progression is a hope that we can make the UDRP even better - but at the same time it must be asked what could be done to prevent some of this from happening in the first place? A growing number of ccTLDs are deploying algorithms to detect actual or potential abuses with good success.”
That also raises the idea of proactive domain blocking as one possible opportunity for brand owners to take back some level of control.
Ultimately, the goal of policy makers should be to foster a more trustworthy online environment. This means ensuring that domain names aren’t weaponized for fraud and that users can have confidence in the websites they visit.
“We all have an interest in trust on the internet,” he says.
Tony Kirsch
