msalangsang, Author at MarkMonitor

Consumers look to brands for online protection, study shows

Chrissie Jamieson December 13, 2018May 31, 2019

We have seen a dramatic rise in online sales in recent years – the Office for National Statistics reports an increase from, 9.7% five years ago, to 18% today, as a percentage of all sales.

This represents a huge opportunity for retailers – but unfortunately, they are not the only ones benefiting. Counterfeiters, fraudsters and cyber criminals are cashing in too.

Just as the web can be used to promote, market and sell legitimate brands, it’s also an ideal tool for counterfeiters to sell fake goods. And this is especially true in the gift-giving season, with 91% doing at least some of our shopping online, according to our recent research.

What do the numbers say?

Consumers may no longer be naïve when it comes to online shopping – our research shows that almost two-thirds of respondents check the trustworthiness of websites by looking at online reviews, and 43% say they check for SSL certificates. Despite this, shoppers are still being duped into buying fake products.

The prevalence of fakes on the Internet, coupled with the sophisticated methods counterfeiters are using to market and sell them, means it’s not always easy to spot one. Sometimes they are not always noticeably that much cheaper, or visibly different from the real thing. Indeed, our research shows that one in three consumers has inadvertently bought a fake product, with 68% of these purchases being bought as festive gifts.

Brands cannot rely on the vigilance of their consumers alone – they need to ensure they’re doing all they can to protect their reputation, their bottom line and, most importantly, their customers. This sentiment was also reflected in our research with the majority of consumers (88%) who have fallen victim to counterfeiters saying that believe brands should be doing more to protect them from the online counterfeit threat.

A health and safety concern

Along with the disappointment of discovering a product is a counterfeit, consumers also find they’ve lost money. But this is not the biggest worry – according to the Journal of Trading Standards, faulty electrical products cause 7,000 household fires each year. Counterfeit toys can also pose a risk to health and safety and fake cosmetics and pharmaceuticals can have a significant impact on health.

The consequences of counterfeit products are far-reaching; affecting not just the genuine brand, customer trust, and revenues, but also the wider economy in terms of job losses, health and safety, and even funding criminal activities.
Combating counterfeiting should remain a key mission for brands – not just in the luxury goods market, but across all industries.

Building your strategy

For many, this will include developing a comprehensive online brand protection strategy as part of a wider brand protection plan. Whether this plan is implemented and managed in-house, or with the help of a brand protection expert, the fact remains that it is vital in the fight against counterfeiting and counterfeiters, both in the festive period and throughout the year.

For more information about protecting your consumers and impacts to your business, read our latest Global Online Shopping Survey.

Webinar discusses bottom line impacts of brand protection

Chrissie Jamieson November 26, 2018May 31, 2019

Imposters can damage your reputation, impede consumer trust and put a dent in your sales numbers.

In today’s omni-channel environment, infringement threats have heightened more than ever. And brand impersonators are not exclusive to certain industries. Historically, businesses selling luxury high value items would be targeted. But this is no longer the case – any brand in any sector can become a target, especially if much of the brand’s value lies in intellectual property. Areas most at risk include toys, medical instruments, perfumes and cosmetics, and electrical machinery and equipment.

We recently carried out research with 600 marketing decision makers, and almost two-thirds of our respondents said they believed brand infringement had increased in the last 12 months. This is a worrying trend, especially when you consider the safety implications as well as the infringement issues around counterfeit cosmetics and medical instruments.

We wanted to understand more about the scale of the threat, so we asked the respondents which channels used for brand communications had been subjected to infringement and abuse over the last 12 months. They responded that websites had experienced the highest levels of infringements, closely followed by email. In addition, most highlighted that they are paying more attention to domain name strategies in light of the prevailing cyber threat.

These factors have converged to a point where businesses agree that an evolution in brand protection underway. With security threats expanding, online brand protection is also gaining more support from the key stakeholders within a business – right up to board level.

The consequences of getting a brand protection strategy wrong can be devastating for your business. Register for our upcoming webinar to learn more about this ground-breaking research and discuss what it means for your brand online. Please click to register.

New gTLD winds of change continue to shift

Sherry Hildebrand November 19, 2018May 28, 2019

Gaining access to information on the ever-changing new gTLD ecosystem remains paramount to domain registration strategies and to maintaining a successful domain portfolio.

To date, more than 1,200 new generic Top Level Domains (gTLDs), have been delegated, including:

Geographic terms (.NYC, .LONDON, .OSAKA)
Generics (.FILM, .FASHION, .SPORT)
Brands (called ‘dotbrands’ and applied for in a brand’s own name)

A TLD is considered delegated once it has been added to the internet’s authoritative database, the Root Zone. TLDs are delegated to the respective registry operator by ICANN, but the registry operator sets the timetable as to when, if ever, to launch the TLD.

Many brand owners felt challenged enough prior to the launch of the new gTLD Program, when – in 2012 – there were “only” 22 gTLDs delegated, the most well-known of which is .com. The new gTLD program has resulted in an increase of 5,445.45% of the number of gTLDs being delegated over the past five years. To say this program has had a significant impact on the domain industry, and on our clients’ brand protection efforts, is to put it mildly.

But the growth and situation aren’t as overwhelming when looking at this data from a different angle: not all TLDs that have been delegated by ICANN have been launched to actively allow domain registrations, and more than 500 of these new gTLDs are dotbrands.

That said, it is important that brand owners not rest on their laurels, as new gTLDs can be reassigned, and can move from being a dotbrand to a generic TLD. A recent example of this is .MONSTER. This TLD’s contract was reassigned, and it now appears that this dotbrand TLD will become a generic TLD under the new registry operator. Brand owners not planning to protect their brands in the .MONSTER TLD must now consider doing so, especially if the TLD takes on an identity as a synonym to “expert” as .NINJA and .GURU.

This is not the first new gTLD to be reassigned by shifting from a dotbrand to a generic TLD – and likely will not be the last. With more than 1,220 new gTLDs delegated, the chance for continuing change is nearly guaranteed.

Our Global Relationship Management team works hard to keep up-to-date on industry changes so that MarkMonitor can disseminate information to our clients as effectively as possible. Our Client Services Manager team in collaboration with our Domain Strategy team then turn this knowledge into meaningful strategic guidance that assists our clients in the successful day-to-day administration of their domain portfolios.

Our goal at MarkMonitor is to help you make the best brand protection and domain management decisions, and we would be happy to assist you today.

ICANN63 Barcelona: Updates from the 20th AGM

Brian King November 16, 2018May 28, 2019

The MarkMonitor team is pleased to provide updates from the recent ICANN meeting in Barcelona, Spain.

This meeting marked the 20-year anniversary of ICANN’s existence and was ICANN’s 20th Annual General Meeting (AGM). The AGM format consists of seven days of sessions and includes two open community sessions, during which the ICANN board makes itself available for questions and comments from anyone in attendance.

This year’s AGM kicked off with an additional daylong session of the Expedited Policy Development Process (EPDP) team, meeting to work on the state of WHOIS data post-GDPR. The MarkMonitor team was engaged in various sessions for the duration of the meeting.

EPDP meeting – a celebrated success

The EPDP team met on Saturday with thunderous applause from the audience when it finally (after months of debate) agreed on a list of purposes for each type of entity involved in processing WHOIS data, a preliminary task required both by GDPR and the EPDP group’s charter. With that task accomplished, the EPDP team shifted gears toward policy positions for inclusion in the group’s Initial Report, seeking consensus across the nine participating organizations.

When the ICANN meeting officially kicked off on Sunday, the MarkMonitor team continued our engagement with ICANN staff, our valued vendor partners and entities such as the Registrar Stakeholder Group, Business Constituency, Intellectual Property Constituency and Brand Registry Group, working for smart policy that helps our clients protect their businesses and their customers online.

Tech Ops session focuses on security

Importantly to our clients, MarkMonitor hosted a Tech Ops session focused on improving both security and practicability of domain name transfers in a WHOIS-redacted world, and we advocated for strong rights protection mechanisms and a “smart and soon” approach to opening the next round of .Brand new gTLD applications.

For more details on the 20th ICANN AGM, including how we advocate for our clients at ICANN, please check out our post-ICANN webinar recording.

And don’t forget to get in touch. Both myself and your CSM would love to hear about how we can best advocate for you.

What makes brand protection a business priority

Chrissie Jamieson November 7, 2018May 28, 2019

As the threat landscape expands, online protection is no longer left solely to a single department. Implementing a strategy now calls for buy-in from top management along with involvement from multiple areas of business.

Advances in the internet and the proliferation of social media pose many dangers to your organisation – from counterfeiting and impersonation, to fraud and piracy – impacting consumer trust, your market reputation and your bottom line. Having a plan in place is more important than ever given the rapidly-changing threat landscape and the next generation of online criminals seeking new ways to take advantage of your brand. Protecting your name and your consumers has become paramount.

What the numbers show

New research commissioned by MarkMonitor, which surveyed 600 marketing decision makers, discovered that 72% of respondents thought that brand protection has gained attention following a general increase in cybersecurity focus.

Forty-six percent said they expected more involvement from the board, and another 46% also felt that IT and security teams have more of an influential role in developing a brand protection strategy. The majority also believe that the responsibility for brand protection will change in the next year.

Consumer centricity

The primary objective of your brand protection strategy, then, should be keeping consumers safe. Indeed, 84% of the respondents highlighted that consumer behaviour plays a major role in how their brand protection programme is prioritised.

By prioritising infringements based on where consumers are likely to encounter threats â you can be more effective and save time and resources by not having to remove every single infringement. It also helps better protect your consumers.

To do this effectively, you’ll need to understand where your threats originate. Given a better understanding of this, you can identify which technologies can help address them. The same respondents were asked how most of today’s threats were targeted. Phishing (37%), social media (36%) and unauthorised websites (34%) were among the top reported.

The technology

Counterfeiters, pirates and cybercriminals are becoming more sophisticated in their methods, but technology is also advancing; you can take advantage of this to stay up-to- date with the shifts in risks and threats. Time and budget should be allocated to evaluating which technology best meets your needs.

The likes of AI, machine learning and big data analytics can be used to monitor the threat landscape in a more efficient and effective way. The dark web has also recently been highlighted as not just an illicit market place for physical goods and services, but also confidential data and intellectual property that can seriously damage your brand. Proactively monitoring this area of the web ensures you are better able to mitigate risk and can quickly neutralise any threats.

The consequences of getting a brand protection strategy wrong can be dire: loss of trust, damage to reputation and, of course, negative impact on revenue. Whether you are working with in-house experts and departments, with an external brand protection specialist, or both, ensuring your business and customers are safe is becoming more difficult as the threats (and their sophistication) increase. This means earning buy-in and involvement from your entire organisation.

To read the full MarkMonitor report, click here.

Defending your brand on Black Friday

Alison Simpson November 7, 2018May 28, 2019

November will be a month of endless opportunities for online retailers who participate in some of the world’s largest shopping days, including Singles’ Day and Black Friday. Consumers are already planning what they want to buy and there are plenty of websites making predictions about what’s to come and the best deals to look out for. Singles’ Day, originally launched to celebrate being single, became the world’s largest shopping day last year as it hit a record of $25.4 billion in sales. Black Friday is still the largest shopping day in the U.S. with sales of $5 billion in 2017.

As retailers have been planning their online deals for months, so too have the bad actors looking to take advantage of unsuspecting shoppers. These nefarious actors purposely redirect any potential customers away from your site to theirs, leading you to suffer from lost sales and confused and unsatisfied customers.

Some of the infringers’ tactics are very subtle. For example, typo-squatters deliberately locate any available domains similar to yours but leave out, change or use similar characters to capitalize on users incorrectly typing your website name into a web browser. With many consumers using mobile devices to access your site, it would be easy for them to type a wrong keystroke or tap the catchy title and be inadvertently directed away from your site.

There are many challenges for companies who want to stay ahead of the latest domain threats and a plethora of tactics and TLDs for bad actors to choose from. Balancing domain registration coverage with cost containment while protecting your critical domain assets can be complex and time-consuming. But it doesn’t have to be.

Having a comprehensive domain management strategy in place can help you stay aligned with business objectives while staying a step ahead of bad actors. When you partner with a corporate registrar that allows you to manage all your domain assets in one secure management system, you take the first step in preventing these threats from impacting your organization.

MarkMonitor, the expert in domain management, hosted a webinar to share the latest updates on what’s happening in the domain industry, how to use MarkMonitor technology to gain visibility and insight, as well as giving practical strategies to help you establish, protect and enhance your presence on the Internet.

Watch the webinar today to learn more: Developing Effective Domain Management Strategies

Determining enforcements once you know intent

Stefanie Ellis November 5, 2018May 31, 2019

Determining intent prior to enforcement is crucial, and knowing what information is required for each type of enforcement is just as important to ensuring an effective strategy. Once intent is established, you can decide which enforcement strategy will be most effective.

This topic landed among those discussed at length during our latest Forum‘s “Determining Intent for Effective Brand & Fraud Enforcement Strategies” panel. As a follow up, AntiFraud and Brand Protection specialists, Stefanie Ellis and Dustin Richards, discuss the importance of determining intent when evaluating an infringement on your brand.

Fraud or infringement?

Any organisation, simply by having an online presence, is vulnerable to imposter threats. Infringement can take many forms but it always leads to unfortunate outcomes of damaged reputations, lost revenue and increased operating costs. You may have strategies in place for protecting your physical assets and internal network, but it is just as important to protect your brand reputation externally. However, online threats are more prevalent and harder to detect.

Unauthorised use of your intellectual property could be a misuse of your logo, company name, your reputation or an impersonation of the look and feel of your online assets. However, there is a clear distinction when it comes to infringement.

Brand infringement is about using your organisation’s reputation to divert traffic to another web site —rather than stealing your data or money directly. Fraud involves a malicious misuse of your brand with the intention of monetary gain, be it through data or actual payment. Still, both methods can cause your reputation to suffer, consumers to distrust your brand, and lead to potential lost revenues.

There are many different types of brand misappropriation, and most focus on methods to divert traffic using a false affiliation with a business. Examples include typosquatting, pay-per-click infringement and keyword hijacking.

On the fraud side, the primary method for attempting malicious intent via brand false association happens through phishing attacks. While brand impersonation is the most common way to trick consumers and steal their personal information, email is the primary channel for phishing. This can involve vishing (over the phone), smishing (SMS text phishing) or the most recent forms of phishing, business email compromise (BEC) or email account compromise (EAC) which often take the form of form of employee spearphishing.

Most importantly, remember to use the right enforcement strategy for the right attack. To do this, you need to understand the intent of your attacker.

How does intent dictate your enforcement strategy?

On the brand infringement side, there are several steps that you can follow.

Firstly, you should determine if a logo is displayed and if they are using your brand on the domain or within the site. You should also assess if there are any copyrighted images on the site.

MarkMonitor prioritizes the infringements your consumer is most likely to see and can analyse all the above for you.

Your next step would be to check if the site is brand affiliated. If it is not, we would employ the following procedures:

Send a cease and desist letter to the domain registrant.
For pay-per-click sites, MarkMonitor use a process called graveyarding to have the ads removed, thus preventing the domain registrant from monetizing on the framework.
If the registrant refuses to remove the infringing content, a letter can be sent to the ISP.
In most cases, MarkMonitor will use multiple strategies, such as, a cease and desist letter as well as a letter to the advertiser, to elicit the most effective response.

Phishing fraud involves one less step than its counterpart. Because a legal cease-and-desist is not required of the brand owner – and because ISPs are responsible for any fraudulent content on their network – MarkMonitor sends a notification on your behalf about the hosted phishing content, provides the URL and IP address and asks that it be removed.

The process looks like this:

Shutdown request sent to ISP (Telco for phone numbers)
Notification to domain owner or registrar
Escalations to host country CERT, as needed

MarkMonitor understands this process and ensures that each type of request, letter and report uses the correct language and tone to affect an effective resolution.

When proof of malicious intent is lacking, a brand infringement enforcement should be employed. When proof of fraudulent activity is present, MarkMonitor can employ a fraud enforcement. Traditional phishing sites have a six to ten-hour median shutdown times.

To learn more, watch our on-demand webinar: Brand and AntiFraud Enforcement Strategies.

GDPR and WHOIS: Adverse Impacts on Brand Protection

Statton Hammock October 22, 2018May 28, 2019

More than four months have passed since the General Data Protection Regulation (GDPR) became effective, resulting in many domain name registries and registrars moving to redact registrant information from their public WHOIS records (including information related to legal entities and persons not located in the European Economic Area; redactions that are beyond the scope of the privacy regulation).

Historically, domain name registrant information in WHOIS has been used by cybersecurity experts, brand protection service providers, law enforcement, intellectual property owners, and child protection advocates to identify, contact, and prosecute individuals who propagate websites that sell counterfeit goods and pirated movies, TV shows and music, malware, illegal pharmaceuticals, fraud, child pornography and other forms of illegal content. Internet watch dog groups predicted that redacted WHOIS information would impede the efforts of law enforcement and IP protection advocates to enforce criminal and civil laws.

Until recently, however, there has not been a sufficient amount of data collected to prove the impacts on these efforts. Last week two cybersecurity organizations, the Anti-Phishing Working Group (APWG) and the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) were able to publish a survey of cyber investigators who revealed how their security efforts have been affected.

MarkMonitor has also been tracking the impact of redacted WHOIS on our AntiCounterfeit, AntiPiracy, and AntiFraud services since GDPR went into effect on May 25th, and although our data continues to mature, a picture of the impacts is emerging which we can now share.

The implications

Prior to May 25th, the MarkMonitor enforcement team would regularly query public WHOIS databases to find the registrant’s name and contact information so we could address and send a cease and desist letter or infringement takedown notice. If the contact information in WHOIS was false or hidden behind a privacy or proxy service, we would send a notice to the abuse contact at the registrar and/or to the company hosting the infringing website. After GDPR went into effect, however, WHOIS queries often returned little or no public registrant data, so MarkMonitor had to request non-public WHOIS data from registrars and registries directly.

Unfortunately, the success rate for obtaining registrant information has been very low, 22% as shown below:

Obtaining contact info

From the data we have collected over the previous four months, only 9% of full publicly available WHOIS records searched have un-redacted registrant information after GDPR. Of the number of complete WHOIS records that have been successfully obtained, most have been provided by registrars compared to registries.

Most registrars, however, have simply denied or ignored requests for registrant information. Of more than 350 requests made to more than 70 registrars, registrars have responded with WHOIS data only 26% of the time. 74% of the WHOIS requests were either ignored (no response to the request was acknowledged) or denied. Requests that were ignored or pending for more than 30 days without any response, were deemed to have been denied.

info rqst

As required by ICANN’s Temporary Specification for gTLD Registration Data, some registrars have developed anonymous email addresses or web forms that enable third parties to send notices to the registrants without disclosing registrants’ personal information. However, in many cases registrars have been slow to implement these mechanisms, which are insufficient as they merely enable registrant contact (without being able to confirm message delivery or receipt), and which still do not identify the registrant, making this an unreliable approach for our enforcement team. Registrant identification is also useful for enforcing IP rights under the UDRP and bringing litigation under the Anti-Cybersquatting Consumer Protection Act (ACPA).

Additionally, MarkMonitor has seen a slight rise in the number of detected infringements as compared to pre-GDPR levels, a trend running contrary to an expected decrease corresponding to summer seasonality observed in the past. It’s difficult to attribute this rise specifically to GDPR and the lack of WHOIS data, but MarkMonitor is watching this trend closely and doing further internal analysis in order to ascertain and understand the factors contributing to the increase.

With access to registrant information in publicly available WHOIS severely inhibited, MarkMonitor has had to adjust its enforcement strategies and processes to adapt to a post-GDPR world. Currently, MarkMonitor has witnessed a 19% loss of operational efficiency when it comes to performing brand enforcement activities. Without reliable access to WHOIS data, and despite significant enhancements in our website owner detection technology, it takes more time for our enforcement teams to find reliable contact data to enable sending takedown notices to website owners.

What’s being done

While the lack of WHOIS information has made it more difficult for MarkMonitor to combat fraud and enforce the IP rights of its clients, we are still able to take down infringing and fraudulent websites at the same level of success per attempt due to our substantial investment in enforcement training and detection technology.

MarkMonitor has hired additional brand analysts in order to address the reduction of efficiency caused by more manual searching for registrant contact data and more manual requests for WHOIS data. Additionally, we have trained personnel to treat each infringing or fraudulent domain as if the WHOIS information was hidden by a privacy or proxy service triggering alternative enforcement methods.

MarkMonitor has also reached out to numerous registrars and registries, individually, leveraging our vast network of high-level industry connections to understand what information or assurances they need in order for them to grant us access to the registrant data. From these consultations, MarkMonitor has drafted a WHOIS request letter and process that we believe is narrow in its scope and is GDPR compliant. Our use of this form has significantly improved our success in obtaining registrant contact information, and we continue to partner with our registrar colleagues to improve further.

What’s ahead

While these crucial mitigating steps have lessened the impact of GDPR on MarkMonitor fraud detection and brand enforcement efforts, these steps have come with substantial financial cost and compromised efficiency. The longer it takes to finalize ICANN’s Expedited Policy Development Process (EPDP), establish a definition of “reasonable access” with registrars and registries, and implement an accreditation and access policy, the more adverse the impacts will be to brand owners, consumers, and Internet users, generally.

With the passage of time, MarkMonitor will continue to collect and analyze more data that will, in turn, allow law enforcement, ICANN Compliance, registrars, registries and brand protection experts to shape policies, procedures, and activities that protect consumers from fraud and abuse while preserving the privacy rights of individuals under GDPR and future data privacy regulations.

We look forward to the opportunity for open dialogue with these groups and others to help our clients protect their customers and their businesses online.

A look back at summer piracy numbers

Zachary Wolf October 21, 2018May 28, 2019

With summer ending, and the first days of fall having passed, now is an ideal time to look back at piracy insights from the summer months.

From June 1 through August 31, we monitored more than 420 titles across the popular film and television landscape through our Global Digital Piracy Index (GDPI). As part of our analysis, we looked at overall infringements, which regions accounted for the most piracy and what formats were most popular.

Our proprietary GDPI database generates detailed intelligence on how pirated content is consumed online. This unique form of monitoring creates a factual overview around file sharing trends. We then use this information to gain context on the global footprint of piracy and make better recommendations for online protection strategies.

After looking at the data, we will offer some recommendations on how to use this type of data to your advantage.

What we found

Total infringements*

Looking at the file sharing landscape, primarily BitTorrent, we found a massive total of unique infringements, with that number crossing the billion mark for a total of 1,690,000,000! This is a staggering number of unique infringements. Let’s break the data down to get a better understanding of the landscape.

1region

unique infringements

Format types

After breaking down where massive amounts of infringements were found, the next question become which format was most popular with pirates. You can see from the data that quality downloads and early access reign supreme with people looking to watch this unauthorized content. Blu-ray and high quality WebRips take the top spot, with Camcorder remaining very popular.

format types

Buried in data? What to do about it

With infringements numbering in the billions, spreading across the globe and high quality and early access availability, it can feel overwhelming to begin tackling the problem.

How to make an impact:

You need a partner who has the industry expertise and global reach to look holistically at your problem and make strategic recommendations. Working with someone who can design a program for maximum return on resources is a must.
Leveraging technology to sift the data and make use of recognizable patterns and insights will speed up your actions. Disrupting the access pirates have to your content is paramount and there is no time to waste.
Once you have your anti-piracy program in place, don’t stop there! Use industry level data, like that provided by GDPI, to drive your business. This type of piracy can offer insights into your promotion, marketing, distribution and business development strategies.
Pirate data is a good source of information on online consumption of your content. If you don’t have this, you could be missing out.

While the face of piracy is changing; the file sharing landscape continues to make a solid contribution to the piracy landscape as a whole. According to the latest Sandvine “Global Phenomena Report” BitTorrent traffic is making a comeback. The fight to drive consumers to legitimate channels and protect ROI is far from over.

This type of piracy data can be used to not only make strategic decisions about how you manage your anti-piracy program, but can offer insights into your promotion, marketing, distribution and business development strategies. Pirate data is a good source of information on online consumption of your content. If you don’t have this, you could be missing out.

If you want to learn more about our Global Digital Piracy Index and how it can be applied to your titles, or how MarkMonitor turns data into actionable intelligence for our customers please contact us here.

Deividas Slivinskas contributed to this article.

Forum reveals the expanse of online challenges

Kelly Taaffe October 15, 2018September 27, 2019

Jane Sunderland, of Sunderlaw Strategies, Inc., never imagined that studying biological evolution would someday lead her down a road to data analysis in online protection.

But she joined the MarkMonitor Forum as a speaker on that very topic last week. Juxtaposing it with the an ever-developing intellectual property industry, she explained:

“It’s about figuring out what the data has to say about trends,” she said. “There have been a lot of changes.”

Among those changes – the fact that online protection challenges now span more business departments and industries than ever. In fact, a MarkMonitor report, slated for release this October, will delve into research around this topic.

“Business intelligence is the road that will lead us to the source of the problem,” explained Dave Cooper of MarkMonitor, who emceed the day’s activities.

Touting a theme of better business intel and improved metrics of success, the event drew throngs of brand stakeholders from across industries to San Francisco’s historic New Mission Theater. Topics and keynotes included domain management, GDPR updates, online fraud and brand protection.

A blast from the consumer-centric past

A MarkMonitor panel of experts was joined by an individual whom many now deem a founder of consumer-centric brand protection. Richard Atkinson, of Adobe, explained that he has seen exponential improvements since launching a strategy focused around well-intentioned users.

When it comes to takedowns of fake software, his metrics to live by included good-to-bad ratio, consumer protection ratio related to search engine activity, and ecommerce growth. Another important factor, he said, was simply the storytelling component, which helps educate those involved in the investment.

“Testimonials from within the c-suite are golden,” Atkinson said.

MarkMonitor Vice President of Product Rikard Bandebo explained that reporting is less about the number of takedowns and more about effects on sales. He said that meant moving “away from volume metrics and into impact metrics.”

That, he explained, could be achieved with the “laser focus” of a consumer-centric strategy. Using localized search technologies and other means, brand owners can determine the probability that users will be impacted by cybercrime threats. The result: better business equity and safer user experiences.

“If brand protection is part of your role, then the total quantity of enforcements is not indicative of the quality of your program.” Cooper added. “You really have to see what your consumer sees.”

.Brand news and trends

Insights around top-level domains came from both Andy Abrams, of Google, and Martin Sutton, of the Brand Registry Group, who talked about both the possibilities and the challenges that have resulted from new gTLDs.

Abrams, who serves as senior trademark counsel, also shared his experiences in managing the company’s trademark portfolio and talked about the importance of ICANN involvement. He recommended that businesses consistently send a representative from legal and trademarking to such events.

“There really is no substitute,” he said.

More highlights

When asked in a live survey about the most important aspects of protecting brands on marketplaces, most respondents agreed that takedowns should be targeted, with a focus on consumer-centric listing
Greenberg Traurig, LLP’s Marc Trachtenberg covered email and social media-based brand attacks, along with a history of cybersquatting. His advice included reducing the profitability of abusing your brand by taking firm action and reminded listeners that consumers often hold a brand responsible for negative experiences. Putting that into perspective, he added that 1 in 3 companies have been victims of CEO fraud emails.
Mary Jenkins, of MarkMonitor, talked about prioritizing marketplaces that matter most for online protection, which helps brand owners save dramatically on costs for sites where users frequent less. More information about her talk can be found in this on-demand webinar.
Learn more about consumer-centric strategies here, or talk to an online protection specialist today.

Protecting your brand in a world with limited WHOIS data

Statton Hammock October 15, 2018May 28, 2019

GDPR has impacted all areas of business, but for brand protection professionals and those concerned with protecting intellectual property rights, the consequences have been tremendous.

No longer able to view domain registrant contact information for IP enforcement efforts, law enforcement and brand protection professionals need to seek alternative methods for finding information necessary to identify copyright and trademark infringers. So when faced with a lack of access to critical information from the WHOIS database and data privacy issues around GDPR, brand owners should revise methods within their traditional three-step approach which includes investigation, identification and enforcement.

A toolkit for brand owners and enforcers

Methods we have found to be most helpful in obtaining crucial information for brand protection activities include:

1. Investigation

Add more human resources to conduct the research.
What used to take one or two steps now requires several steps and/or assistance from outside sources. Identifying registrant contact information takes more time and involves a greater degree of human intervention as investigators have to manually search websites for contact information or request it from registrar and registry operators.
Explore other data sources.
ICANN’s new Temporary Specification for the display of Registrant Data, designed to replace WHOIS for the time being, allows registries and registrars to redact the name and email address of the domain registrant, but there may be other ways to get this information:
– Check the domain name nameserver to correlate other possibly related domain names. You may be able to identify if infringing or harmful domains are under common control.
– There are more old-fashioned means of identifying the source of alleged harm. Even if the address field in WHOIS provides only the state and/or country of the registrant of the domain name, that information may still be useful to direct you to a U.S.-based Secretary of State corporate database, or to a country’s trademark office.

2. Identification

Ask for it!
The Temporary Specification requires registry operators and registrars to grant reasonable access to non-public WHOIS information upon request, so long as the requestor has a legitimate interest in making the request and where such interests are not overridden by the interests or fundamental rights of the data subject. In making a non-public WHOIS request from a registrar or registry, MarkMonitor advises the following:
– Identify yourself and your connection with the rights holder.
– Explain legal basis for processing the data
– Identify the specific IP being infringed and how it is occurring
– Make each request unique; it will be reviewed by a real person
– Commit to processing in accordance with GDPR principles
– Request only the information necessary to enforce and explain why; no fishing expeditions!
Pursue other legal means to obtain data.
Most jurisdictions permit a plaintiff that does not yet know a defendant’s identity to file suit against “John Doe” and then use the tools of the discovery process to seek the defendant’s true name, as well as other details. You can file a UDRP or a URS complaint naming “John Doe” and the registrar will provide the underlying registrant data to the UDRP or URS provider.
Review WHOIS history.
Databases of historical WHOIS information still exist and can be obtained, subject to GDPR regulations and other privacy policies.

3. Enforcement

Engage with other relevant intermediaries.
Registries, hosting providers, and ISPs can contact the registrant if abuse has occurred and the registrant is itself a victim of wrongdoing. Maintain good relationships with the compliance department of these registries and registrars.
Contact registrants using an anonymized email address or web form.
Under ICANN’s Temporary Specification, registrars must include an anonymized email address or a web form from which messages could be forwarded to the registrant email address. You can send your cease and desist letter or breach notice to the registrant through these means.

The future
Brand enforcement takes longer and is a costlier exercise than it was pre-GDPR. However, there is recognition that the ICANN Temporary Specification is only fit for what it says – temporary use. A policy development group has been formed with the purpose of finalizing a permanent policy for the display and access of registration data within a year post-GDPR. Until this occurs, brand owners will continue to face these obstacles.

registrars

Cryptocurrency users falling prey to phishing schemes

Stefanie Ellis October 2, 2018May 28, 2019

Once upon a time, a phishing email would nearly always impersonate a financial organization, would be poorly written and easily recognizable.

Today, there are many ways that phishers can target organizations, employees and consumers – and multiple avenues that they take to do so. As society becomes increasingly dependent on online processes, phishers become more innovative in capitalizing on those practices.

Case in point? Cryptophishing, a new form of online phishing that has surfaced with the advent of cryptocurrency in online financial practices. We’ll delve into this, but first, let’s review some background on cryptocurrency.

What Is cryptocurrency?

As of this writing, there are 2,004 identified cyptocurrencies and more than 14,000 cryptocurrency markets. Here is an excellent infographic on cryptocurrency, and below are key crypto terms to know:

Cryptocurrency/Coin/Token: In simple terms, cryptocurrencies can be called a tokens, where each token is simply 1 unit of value of that cryptocurrency. The ownership of cryptocurrency tokens is recorded on a digital ledger (generally a blockchain).
Blockchain: A database protocol. In cryptocurrency, a blockchain is a distributed digital public ledger where transactions and balances of a given cryptocurrency are recorded. It is secured using cryptographic hashes. Not every cryptocurrency is blockchain-based. One should note that blockchains can do more than act as ledgers of transactions, they can store any sort of data in sequential blocks (their potential and the potential of other hash-based systems is endless as far as the potential of databases goes).
Cryptocurrency Wallet: Software that allows you to create cryptocurrency transactions and see balances associated with cryptocurrency addresses. Or more specifically, in wallets where you control your private keys, software that lets you access balances associated with your private and public keys and create a transaction using your private keys (see “keys” below for an explanation). NOTE: With some wallet types, like custodial wallets on exchanges, you don’t manage your private keys direction but show an address where a balance is stored. These too can be described as a wallet.
Keys (Cryptographic Keys): Cryptocurrency is largely based on public-key cryptography. The concept is that one key can be known publicly (the public key) and the other can’t (the private key). A public address is the public account number people can send coins to; it a has a public key, which is a hash of a private key. The private key is a unique personal password from which coins can be sent by creating a signature (i.e. an encrypted version of the private key). Users should never share the private key as it is the root of all information needed to access a cryptocurrency wallet.

How cryptophishing works

Cryptographic keys are the primary reason that cryptophishing is becoming more prevalent. The anonymity of cryptocurrency wallets makes stealing them easier than traditional phishing, which targets bank accounts and must elude security measures to transfer money and then launder it.

Cryptophishing attacks are highly targeted, and costlier for offenders to organize, because of their higher return on investment. Emails are often customized to the recipient and look legitimate. Because these emails are so highly targeted, they can be harder to detect and may not be flagged as suspicious.

Further complicating matters, cryptophishing tends to leverage various forms of distribution other than email. Cryptophishers have been known to use social media to distribute phish. Fake social media profiles, for example, might look like a well-known and legitimate cryptocurrency social group and target members of that group. Cryptophishers have also been known to purchase ad words and put links to phishing sites in paid search engine listings.

Cryptophishing emails can impersonate any entity of a cryptocurrency process including web wallets, cryptocurrency exchanges, blockchain, etc. The vulnerability comes primarily from when a user accesses their crypto wallet online or through mobile devices (rather than on a computer or external device with a hardcoded and protected private key).

In the phishing example above, a phishing site attempts to access a user’s cryptocurrency wallet by requesting private keys, mnemonic phrases or specific file information.

Summary

As cryptocurrencies become more prevalent there will be an increase in phishing attacks targeting all parts of the cryptocurrency process. As with any new financial endeavor, vulnerabilities will stem from the human element falling prey to social engineering.

Securing logins and private keys for cryptocurrency wallets is paramount. The anonymity of the process prevents exchanges, currencies, or wallet software from taking on responsibility for any losses due to phishing. Unlike traditional banks, there isn’t insurance to cover losses due to fraud.

Further reading on cryptocurrency basics:

https://cryptocurrencyfacts.com/
https://blockgeeks.com/guides/what-is-cryptocurrency/
https://www.investopedia.com/articles/investing/082914/basics-buying-and-investing-bitcoin.asp

Trust me, I’m unsecured – said no great website ever

Alison Simpson October 1, 2018May 28, 2019

The SSL saga continues.

Security certificates are becoming increasingly more important for establishing trust as more users transact online. Threats of online identity theft and fraud have led consumers and business partners to demand assurance that personal, financial and business data remains safe. New changes in internet standards and web browsers are giving websites that use HTTPS a leg up and are actively distrusting unsecure sites that remain on HTTP.

Mid-October will herald the release of Firefox 63 and Chrome 70. As a result, users who visit websites with missing or outdated SSL certificates will be greeted with security warnings.

Managing a global portfolio comes with enough challenges on its own, but factor in SSL certificates and you’ve got your work cut out for you. And today, browsers are more transparent than ever in displaying your certs – or lack thereof.

Preparing your business with better security

It’s important to utilize a domain service that offers all available methods of domain validation, covers SSL certs across entire websites and provides end-to-end security. A single, integrated platform is helpful when it comes to renewals so that you aren’t missing important dates for each certificate.

As the first of the web browsers adopts the HTTPS Everywhere standard (which aims to bring trusted content to every page on the internet), make sure you have the right information and certificates for your pages, so that changes don’t disrupt your business by labeling your site “not secure.”

Not sure of the impact for your job function? If you’re in doubt, it’s worth exploring. Certificate management has expanded beyond IT into marketing and legal departments, which tend to have a high stake in demonstrating that a website is genuine.

Next steps to build trust

Listen to our podcast, featuring Jeff Barto of DigiCert, for everything you need to know about the current certificate landscape, so your websites continue to be trusted in every way. You’ll learn how to provide assurance to visitors, so that your site continues to garner consumer trust, no matter what changes lie ahead.

It’s time to demystify the world of SSL certificates.

domain service

Power up your AntiPiracy strategy with business intelligence

Zachary Wolf September 26, 2018May 28, 2019

The world of piracy has changed dramatically from just a few years ago.

As technology has advanced to make our working and social lives easier, it’s also allowed pirates to become more sophisticated. They’re even pirating pirated sites and stealing the branding of more popular sites using subdomains, redirecting traffic much like they do from legitimate sites.

More than that, the profile of the consumer of digital pirated content has changed too. A few years ago, getting your hands on illegal content took a bit of effort. Yes, it was largely peer-to-peer based, uploading and downloading shows, music and movies, but a user had to seek them out, find the right torrent or file and hope the version they downloaded was of decent quality.

Today, with opensource software like KODI (which is in itself legitimate), streaming sticks are being modified with addons and are available “fully loaded” and ready to go. Simply plug it into your smart TV, and you’ve got access to almost anything. It’s an easy, frictionless and lucrative market.

This change in landscape also makes it more difficult for rightsholders and broadcasters to protect content. However, with the right anti-piracy approach, you can use data and analytics to strengthen your efforts. Understanding where and how people are engaging with pirated content helps improve strategies, too. By gathering data, rightsholders and broadcasters can inform their decision making on important issues, such as distribution strategies, launching a new product sooner or reprioritising a go-to-market strategy.

MarkMonitor has these capabilities and uses its technology to gather data about where, when and how people access pirated content across channels, including peer-to-peer file sharing, websites, search engines, user generated content (UGC) sites, live and video streaming, KODI and over-the-top (OTT) sources.

How do we do solve the problem of piracy?

MarkMonitor uses a series of tools to tackle the issue for our customers.

This includes the MarkMonitor Global Digital Piracy Index (GDPI) that generates detailed intelligence of how content is being accessed and consumed online. It creates a factual overview based on the fire sharing landscape and helps access demand for your content.

We also leverage a reporting dashboard, known as Insite, which tracks industry and project KPIs, MarkMonitor Up-link (our piracy intelligence portal) and MarkMonitor Savvy, which is our automated link verification tool.

The data gleaned from these sources can be used to inform many areas of business. You can answer questions around distribution and availability strategies as well as on shortcomings when it comes to global marketing and promotions. Your data can also help with decisions around the monitoring and management of your content catalogue, driving business development and identifying gaps in a global strategy.

Sophisticated threats require a sophisticated response

Rightsholders and broadcasters need to ensure strategies cover all channels being used to share content and need access to data that drives all-important decisions. What’s more, intel needs to be actionable.

For more information on the use of analytics and business intelligence to drive your AntiPiracy strategy, tune in to our Powering Your AntiPiracy Strategy on-demand webinar.

Boost brand protection with data-driven results

Kelly Taaffe September 19, 2018May 28, 2019

When selecting which marketplaces to protect, it matters little if web visits number in the millions. If users are leaving before they buy, then brand protection efforts can go to waste. After all, it only takes one click to make a purchase, and where that click happens is what counts.

When users are buying in places where they spend less time, you need to know about it. Armed with the right data, you can save time and money by targeting your online protection strategy.

A similar protocol goes for search engines. When searching online, 91 percent of traffic never ventures beyond page one of results. Using native marketplace technology, you can prioritize listings your consumer sees.

MarkMonitor experts Akino Chikada and Mary Jenkins will delve into these insights and more during a webinar on trending platforms and tips on taking action against infringers, so be sure to register for this event.

Keeping up with a digital evolution

Change is happening at lightning speed across online platforms, from updates in marketplace enforcement policies to Flipkart’s recent shutdown of eBay India. Each platform you use likely has different and continually updated requirements for monitoring infringements.

You might be asked for copyright proof, brand identifiers, documentation and contact information multiple times and across different formats. This is one of many reasons why a seamless reporting portal can make a huge difference in your efforts.

It’s a complex digital world out there. Given the evolution that’s happening across processes like trademarking, enforcements, legal documentation and other processes, it makes sense to stay savvy on the latest in brand protection.

Our New trends: Which platforms matter most for brand protection? webinar will keep you current on news and intelligent brand protection tools. You can also learn more on these topics during the MarkMonitor Forum – register here while spots are still available.

We look forward to keeping you informed during these upcoming events!

For smarter enforcement, determine your infringer’s intent

Stefanie Ellis September 6, 2018May 31, 2019

There’s no question that intellectual property is at stake online. The question is how it’s being compromised.

Infringements, malware, phishing – one thing these threats have in common is that they leverage your brand equity. To defend yourself against this shapeshifter, you’ll need to understand your attacker’s intent – are they out to siphon your money, or your traffic?

Is it the brand they’re after?

Brand reputation can be influenced by many factors. The inevitable exposure that comes with doing business online heightens the risk to both an organization’s reputation and to its security. Damage to reputation, lost revenue and increased operating costs are just a few possible impacts.

Online threats and misuse of intellectual property can take on different forms depending on intent, whether it be brand infringement or malicious threats.

Brand infringements can be defined as unauthorized use of intellectual property for the primary purpose of diverting traffic through brand impersonation or false affiliation. These threats generally take the form of traffic diversion, false association, non-phishing brand impersonation, cybersquatting, brand and logo confusion, partner compliance, and keyword hijacking.

The impact of this type of threat is reduced traffic and potentially lost revenue, brand confusion, and a blow to the organization’s reputation.

Example of a brand impersonation website

Or is it the money?

Malicious threats often take the form of phishing fraud activity when targeting a branded organization. Phishing fraud is also the unauthorized use of intellectual property, with the intent to illegally obtain money or data.

This typically takes the form of brand impersonation for consumer phishing, vishing (phone impersonation), smishing/SMS text phishing, malware distribution, business email compromise (BEC) scams and employee spearphishing for the purpose of phishing to steal credentials, money, or data, or delivering malware or other email-based scams. The impact of phishing to the organization is primarily monetary in relation to financial losses suffered by consumer victims but can also result in brand distrust.

Image 2018 09 05 17 56 06 Example of website phishing

Detecting online threats requires multiple types of data feeds. Domain zone files, search engine, social media and mobile app marketplaces tend to be rich detection avenues for brand infringing online threats. Phishing fraud is more typically found in email feeds, customer web server logs or abuse inboxes, DMARC quarantined URL feeds, and domain zone files as well.

Determining intent is paramount to utilizing best practices for a quick, efficient enforcement. When phishing fraud activity can be proven from content or email-based evidence, a phishing fraud enforcement is generally going to be quicker. When there is no malicious intent, then enforcement relies on the misuse of the intellectual property and responses can take longer.

You can take action to mitigate threats against your business online. Join our “Brand and AntiFraud Enforcement Strategies” webinar as experts review strategies that will make a big difference in your protection program.

Blockchain-connected domains on DNS seeing a surge

Chris Niemi September 6, 2018May 28, 2019

Decentralized domains such as .BIT, .ETH, .COIN, and .LIB, which are based on blockchain technology, have experienced renewed relevance with the growing popularity of blockchain technology and data privacy policies. While these ‘domains’ are not true domain names – meaning they do not use the ICANN-coordinated DNS and do not resolve to content in the traditional sense – they do allow for other activities among cryptocurrency holders such as connecting directly to their ‘wallets.’ While originally these domains were minimally used, lately they have increased in importance as they begin to impact the new gTLD namespace, and the “real DNS”, in a number of different ways.

For example, new Registry Operator “The Best SAS” recently acquired the .BEST Top Level Domain, and intends to use it as a “core component of a decentralized search optimized social network, where participants will be rewarded with .BEST cryptocurrency for reviewing best in class products and services.” This represents a new namespace to monitor for infringement, and the new Registry Operator intends to cut prices, which increases the risk of trademark infringement in a TLD.

.LUXE, a TLD that is currently in its Sunrise period, is related to the Ethereum blockchain, and was “created to combine Ethereum blockchain innovation and security with ease of use for today’s world” and its domains can be used in the traditional way (e.g. websites, email, etc.), or as a .ETH (Ethereum) cryptocurrency wallet or decentralized app address. Brand holders should note that there will be a .LUXE Limited Registration Period immediately after Sunrise, from October 9-25, during which only existing .ETH owners who have secured their .ETH domain by or before September 21, 2018 will be eligible for a .LUXE domain name.

An .ETH ‘domain’ is simply a way to translate cryptographic addresses on the Ethereum blockchain into a human-readable ‘domain’ instead of a long string of random numbers and letters, similar to how the DNS translates traditional domain names into an IP address. However, to access .ETH domains, users must use a specialized browser, or install a browser extension on their usual browser. The .ETH “TLD” is not sanctioned by or governed by ICANN, and like cryptocurrencies themselves, was originally established to provide a way to register a domain name that is immune to government regulation, hacking, website-seizing, and censorship.

While MarkMonitor is not currently offering decentralized domains, potential registrants in the .LUXE namespace should be aware that .ETH owners may be competing for registrations during the .LUXE launch. As such, MarkMonitor advises submitting registrations during the Sunrise Period (now through October 8) utilizing SMD files from the Trademark Clearinghouse. Also, if you are the holder of a .ETH domain, please let us know.

For assistance on reviewing your TMCH and domain portfolios and developing a strategy for these TLDs, please contact your Domain Client Service Manager as soon as possible.

Additionally, MarkMonitor continues to monitor .ETH and the decentralized domain space, and will continue to publish updates for our customers. Please do not hesitate to contact us with any specific questions in the meantime.

Fake pharmaceuticals a triple threat to brands online

Akino Chikada August 10, 2018May 28, 2019

According to the Food and Drug Administration, 97 percent of online pharmacies are illegitimate and unsafe.

Many of these online pharmacies involve highly sophisticated criminal enterprises and sell medicines that don’t work or are harmful to your health. Beyond serious health dangers, many of these illegitimate online pharmacy schemes also utilize malware to steal consumer credentials (such as credit card numbers and identities) – which further heightens the gravity of the situation. What’s more, these threats of imposter medical products can also bleed into online reputation and domain management issues.

For pharmaceutical companies, being associated with these types of illegitimate online pharmacies is a serious concern. Many of these online pharmacies appear legitimate – so much so that even experts have a hard time distinguishing a legitimate online pharmacy at a glance.

It’s no surprise that countless victims have been endangered by rogue online pharmacies. Counterfeit drugs pose significant health risks to consumers for various reasons, including drugs not being stored correctly, incorrect dosages being prescribed or the use of unknown ingredients. And when casualties happen, the problem for pharmaceuticals and brand owners escalates exponentially.

Follow these tips to help preserve the health of both your brand and your consumers online:

• Look for the Verified Internet Pharmacy Practice Sites (VIPPS) Seal from NABP, if you are based in the United States.
• Confirm whether a prescription is required for a drug listing. Legitimate online pharmacies always require a valid prescription! If the site boasts “no prescription required”, that’s an immediate red flag.
• What countries does the pharmacy ships to? Pharmacies should be licensed in every jurisdiction they ship to, so if a site offers worldwide shipping, take that as a warning that a site may be illegitimate. In most cases, pharmacies must be licensed both where they are and where the patient is located and cannot simply sell drugs to anyone, anywhere.
• Look out for diverted goods. Many sites will specifically call out if they source product from one country and ship to another. Compare language on the packaging and the product website. There are liability considerations when someone receives a product where packaging and information is in another language that a patient is unable to understand.
• Legitimate pharmacies do not sell unapproved drugs. If the site is promoting unregulated drugs, take that as a clear sign that the site is a rogue online pharmacy.
• All legitimate online pharmacies should provide contact information to a licensed pharmacist.

While these are clear indicators to identify a rogue online pharmacy, the reality is that many consumers are still falling victims to these scams. Consequently, brand owners must take the driver’s seat and proactively identify and take down these rogue online pharma sites to ensure consumer safety.

Want to learn more? Contact our experts today.

ICANN conversation moves from display to access

Statton Hammock August 8, 2018May 28, 2019

Is anyone else struggling to remember a time before the GDPR? It’s only been a few weeks since the regulation came into effect, but there have already been plenty of developments in the brand protection field – so much so that it’s hard to imagine a pre-GDPR era.

Before the GDPR officially came into effect, the majority of conversations in the domain name industry centered around the display of registrant information within WHOIS – how much would be publicly available, and how much of an impact would this have on brand protection efforts.

Unfortunately, while there has not been a total WHOIS blackout, our predictions regarding the absence of vital registrant data have largely come true. Only a tiny percentage of information is now available to the public, and this has had a considerable effect on brand protection professionals.

Challenges around requesting data

Technically, any party that has an interest in looking at shielded registrant information via WHOIS, like MarkMonitor, is able to request access provided it’s for a ‘legitimate purposes’. But there’s an inherent flaw here: domain registries and registrars are free to interpret what is or isn’t a legitimate purpose as they wish. While one might gladly pass over the information a party requests, the other might flat out refuse to budge.

This is why the discourse is now focused on a proper, centralized, accreditation and access model. The lack of definition around who is entitled to what information has been incredibly frustrating for brand protection experts and agencies – and we’re only just over a month into the post-GDPR era. With a universal access model, requirements for access will be consistent and so all requesting parties will know where they stand, and legitimate brand protection efforts will be much easier to carry out.

The good news is that work is underway to create and implement a unified accreditation and access model. At a meeting in Panama City last month, ICANN presented its own ‘unified access model’ for consideration, and while it forms a decent foundation, it was fairly skeletal with no real meat on the bones.

Working toward a solution

At MarkMonitor, we’ve spent the last few months working with other companies, organizations, privacy counsel and cybersecurity agencies on a version of the model, and it’s something we’re keen to integrate into ICANN’s framework to create something more concrete and satisfactory for all parties. But this will require close collaboration with ICANN itself, which could prove to be a lengthy process.

And herein lies the bad news, which is that it will be a considerable period of time before we finally see a uniform accreditation and access model in place. There will undoubtedly be various rounds of feedback, amendments and approvals before we’re left with something that is solid enough to work with. However, this model has the potential to make brand protection exponentially more efficient than it currently is, and so it’s something worth waiting for – and working for.

The current brand protection landscape is treacherous to say the least, with the instant repercussions of GDPR making consumer protection more difficult. But it looks like there are brighter days ahead – all that’s required is patience, a willingness to collaborate, and perseverance.

Risks of counterfeiting real, survey shows

Chrissie Jamieson August 6, 2018May 28, 2019

We all know about the dangers that brands face when it comes to counterfeiting. But which are considered the highest risk?

According to a survey at MarkMonitor’s annual Spring Symposium, the overwhelming majority believe it to be reputational damage.

Having gathered responses from more than 100 business executives and attendees of our Symposium, 74 percent said they believe reputational damage to be the most significant risk they face through online counterfeiting. This was closely followed by lost sales through counterfeiting and/or pirated goods, with one in five citing this as the most damaging side-effect.

The Symposium is a hugely insightful and valuable event, both for us and for those who attend. The results from the survey we hold each year provide an exclusive insight into the current state of the online counterfeit marketplace and general awareness around the latest market trends.

Case in point: it was clear from the findings that brand protection is still a serious headache for lots of businesses. Forty-four percent of respondents told us they are seeing instances of brand abuse escalating, while 38 percent said they have difficulty understanding whether it’s increasing or decreasing – a sign that perhaps some brands are overwhelmed by the issue and unsure how best to tackle it.

Additionally, when asked where the responsibility lies for brand protection within their company, 37 percent admitted that it lies ‘all over the place’, with just 6 percent saying they have a dedicated head of brand protection.

These findings combined highlight not just the scale of the counterfeiting issue, but the huge negative repercussions that brands can suffer from – particularly from a reputational perspective. Worryingly, there also seems to be a lack of clarity around who’s responsible for brand protection within their business.

These figures clearly need to change, and this will only happen if brands create a dedicated online brand protection strategy that maps out the overall process and assigns responsibilities to dedicated individuals.

That’s not to say there aren’t also some positives to take away from the survey – we found encouraging signs that counterfeit-conscious brands are heading in the right direction. When it comes to dealing with online infringements, for example, 48 percent of respondents employ a holistic strategy of preventative measures and enforcement across much of the internet. This is an approach that we champion here at MarkMonitor.

As more brands realize the importance of having a comprehensive online brand protection strategy in place, we will hopefully see these figures continue to improve over time.

Enhancing your strategy and ROI with premium and reserved domains

Brian King August 3, 2018May 28, 2019

The new gTLD program has been a controversial topic for MarkMonitor customers.

Many understandably blame new gTLDs for inflating defensive domain name budgets, creating new environments for cybersquatters and other bad actors and creating new free speech challenges to brand protection with the introduction of gripe TLDs like .sucks. On the other hand, companies have capitalized on the opportunity to secure powerful keyword-rich and hyper-localized domains, like spanish.academy and toureiffel.paris, and have reached new customers with non-Latin character IDNs. Many companies also now enjoy unprecedented security, innovation and control with their own .brand TLD.

For better or for worse, new gTLDs have unquestionably resulted in momentous changes to the way companies protect their brands online. With that, we invite you to join MarkMonitor New gTLD expert Sherry Hildebrand and myself for the first in a series of new gTLD-focused webinars leading up to the five-year anniversary of the day the first new gTLDs were added to the root DNS, October 23, 2013. Between now and the end of October, we will host a series of webinars to discuss premium and reserved domains, .brand TLDs now and in the next round, rights protection mechanisms, how to leverage new gTLDs for brand protection and more.

Our first webinar, focused on premium and reserved domains, will begin with background on how and why registries have premium and reserved domains (spoiler: it’s not all about the $). We’ll then cover facts and stats – and offer customers a look under the hood at how we work with premium and reserved domains. We’ll wrap up with effective negotiation strategies for maximizing value and minimizing costs, and as always, how we’re advocating for our customers and what we can do to help, leaving time for questions.

Sherry and I hope that many of you can join us on August 8 and beyond. Be sure to register for the webinar today.

Challenges arriving with the rise of the dark web

Luge Pravda August 1, 2018May 28, 2019

Of all the problems that businesses face in brand protection, dark web challenges land among the most significant. While the environment itself is not new, organizations have started to realize they need visibility to better understand the scale of their threats.

Accessible only via anonymizing software, it has at certain times taken on the role of a digital black market – vulnerable to nefarious individuals looking to buy and sell illegal goods, from drugs and weapons to reams of personal data.

The mystery that surrounds the dark web – combined with the illicit activity that takes place within it – has made it an attractive topic of conversation. The dark web first became a part of the public vernacular when Silk Road (previously the biggest marketplace on the dark web) was famously shut down by the FBI and Europol in 2014. Since then it has become a popular topic of debate.

Although few could have predicted it back then, the dark web can also impact businesses from a brand protection point of view. We often see that, once a business has suffered from a data breach, the hacker(s) responsible will seek to sell or pass on seized information through the dark web.

Just earlier this year, for example, Grant West was jailed for more than 10 years after selling customer data seized from a number of huge multinational corporations. According to The Guardian, the cost of the scam was estimated to be around £200,000.

Stories like this have forced brands across several sectors (primarily those that hold large amounts of personal and/or valuable data) to take appropriate measures to protect themselves from the dark web.

However, this is not a problem limited to a fraction of businesses. Rather, it is something every organization operating in the online world will need to remain wary of.

Contrary to the popular opinion that the dark web is just an environment that hosts the transaction of illegal goods, it’s also rife with confidential data and information that has been seized through cyber attacks, and can be hugely damaging to the businesses if made public. This can range from confidential documentation, to pictures and video files, and more.

While many brand protection threats can be prevented, the dark web is an exception to this rule. Unlike other environments, there is no enforcement mechanism that can be used by brands to protect themselves effectively.

However, steps can be taken to mitigate the risk. MarkMonitor has a team of dark web experts that can more accurately defend against this threat using a range of tools and technologies, ensuring customers are notified of problems as quickly as possible so the threat can be neutralized.

Europol also recently announced the formation of a new EU-wide dark web team, which aims to introduce a more coordinated approach to tackling criminality on the dark web.

It’s moves like this that quickly make an organization realize how serious the dark web threat can be. Many might think they are exempt from the risk, but the reality is that all businesses must prepare for it. With the dark web continuing to grow, and the scammers using it becoming ever more sophisticated, it needs to be included within every online brand protection strategy.

Read more here about solutions to dark web threats.

MarkMonitor scoops up awards at ACQ5 Global

Chrissie Jamieson August 1, 2018May 28, 2019

We’re delighted to announce that MarkMonitor came home with, not one, not two, but three awards, following this year’s ACQ5 Global Awards 2018.

As well as scooping up the Domain Management Company of the Year and Brand Protection Advisory Company of the Year awards, our President, Chris Veator, won the prestigious Game Changer of the Year trophy.

The ACQ5 Global Awards are some of the most hotly-anticipated in the calendar, designed to recognise organisations and individuals that have achieved outstanding commercial success across a range of areas of expertise. We were particularly proud to have won these awards given that they are the only industry honours given purely on the basis of voter participation.

These awards reflect the major developments we’ve made in the brand protection field. As the digital world has expanded, so has the threat landscape, and that means there’s a lot more ground that brands need to cover. Thankfully, we’ve developed an expertly-designed portfolio of innovative solutions, which can help these same brands to stay ahead of these issues and cover the entire spectrum of threats.

As for MarkMonitor President Chris Veator winning his award? Well, we thought we’d let him speak for himself.

“I am truly grateful to be named Game Changer of the Year by ACQ5 and its voters,” he said. “Having joined MarkMonitor in 2017, I was impressed by the company’s focus on innovation and commitment to protecting the reputation of its customers in today’s evolving online world.

“This is an exciting time for the company as we continue to invest in new technology and analytics to help brand owners protect both their reputations and their consumers.”

We’re honoured to win these awards, and it’s great to be recognised by the industry for our commitment to ensuring brands are able to fully protect themselves.

361 ACQ5 awards blog pic 3

ICANN Update: Expedited Policy Development Process Kicks Off

Brian King July 26, 2018May 28, 2019

In an effort to establish a permanent policy for WHOIS data collection, processing and access in compliance with the European Union’s General Data Privacy Regulation (GDPR), the ICANN multi-stakeholder community will kick off a first-of-its-kind Expedited Policy Development Process (EPDP) next week.

This EPDP will result in a new policy that takes the place of the Temporary Specification approved by the ICANN Board on May 17, 2018, which took effect May 25, 2018, and expires on May 25, 2019. Learn more in our past GDPR posts or by watching our most recent ICANN meeting recap webinar.

Consensus-based policy development among various stakeholders at ICANN normally takes years to achieve, so finalizing the EPDP between the August 1 kickoff call and the May 2019 expiration of the Temporary Specification will be a significant undertaking for the EPDP team. Fortunately, the community has assembled a “dream team” of experienced, reasonable community members dedicated to this goal.

Contributions as a client advocate

MarkMonitor is uniquely well-positioned for a leadership role as a bridge-builder in consensus-based policy development. We primarily represent our customers’ intellectual property interests through the Intellectual Property Constituency, doing so in a way that also advances the interests of our customers who are active in ICANN’s Business Constituency.

We carry out all advocacy work in a way that respects our position in the Registrar Stakeholder Group (the only place in the ICANN ecosystem where we vote), and our customers who are .brand Registry Operators recognize the important contributions and perspectives of the Advisory Committees and other Supporting Organizations in the community.

I am pleased to have been chosen to represent MarkMonitor and our customers in this EPDP as the Intellectual Property Constituency’s Alternate Member. This EPDP will no doubt require MarkMonitor’s unique pedigree as a bridge builder working to align stakeholders to achieve our common goal: complying with GDPR in a way that preserves the WHOIS necessary for the security and stability of the internet, including access for the legitimate interests of law enforcement, intellectual property protection and consumer protection.

Stay tuned for updates

You can follow along with the EPDP by signing up for the mailing list or listening to past conference calls here, and stay tuned to the MarkMonitor blog, where I will provide updates as we make progress.

As always, please don’t hesitate to reach out with any questions or suggestions about how we can advocate for you.

Login

msalangsang