Determining enforcements once you know intent

Determining intent prior to enforcement is crucial, and knowing what information is required for each type of enforcement is just as important to ensuring an effective strategy. Once intent is established, you can decide which enforcement strategy will be most effective.

This topic landed among those discussed at length during our latest  Forum‘s “Determining Intent for Effective Brand & Fraud Enforcement Strategies” panel. As a follow up, AntiFraud and Brand Protection specialists, Stefanie Ellis and Dustin Richards, discuss the importance of determining intent when evaluating an infringement on your brand.

Fraud or infringement?

Any organisation, simply by having an online presence, is vulnerable to imposter threats. Infringement can take many forms but it always leads to unfortunate outcomes of damaged reputations, lost revenue and increased operating costs. You may have strategies in place for protecting your physical assets and internal network, but it is just as important to protect your brand reputation externally. However, online threats are more prevalent and harder to detect.

Unauthorised use of your intellectual property could be a misuse of your logo, company name, your reputation or an impersonation of the look and feel of your online assets. However, there is a clear distinction when it comes to infringement.

Brand infringement is about using your organisation’s reputation to divert traffic to another web site —rather than stealing your data or money directly. Fraud involves a malicious misuse of your brand with the intention of monetary gain, be it through data or actual payment. Still, both methods can cause your reputation to suffer, consumers to distrust your brand, and lead to potential lost revenues.

There are many different types of brand misappropriation, and most focus on methods to divert traffic using a false affiliation with a business. Examples include typosquatting, pay-per-click infringement and keyword hijacking.

On the fraud side, the primary method for attempting malicious intent via brand false association happens through phishing attacks. While brand impersonation is the most common way to trick consumers and steal their personal information, email is the primary channel for phishing. This can involve vishing (over the phone), smishing (SMS text phishing) or the most recent forms of phishing, business email compromise (BEC) or email account compromise (EAC) which often take the form of form of employee spearphishing.

Most importantly, remember to use the right enforcement strategy for the right attack. To do this, you need to understand the intent of your attacker.

How does intent dictate your enforcement strategy?

On the brand infringement side, there are several steps that you can follow.

Firstly, you should determine if a logo is displayed and if they are using your brand on the domain or within the site. You should also assess if there are any copyrighted images on the site.

MarkMonitor prioritizes the infringements your consumer is most likely to see and can analyse all the above for you.

Your next step would be to check if the site is brand affiliated. If it is not, we would employ the following procedures:

  1. Send a cease and desist letter to the domain registrant.
  2. For pay-per-click sites, MarkMonitor use a process called graveyarding to have the ads removed, thus preventing the domain registrant from monetizing on the framework.
  3. If the registrant refuses to remove the infringing content, a letter can be sent to the ISP.
  4. In most cases, MarkMonitor will use multiple strategies, such as, a cease and desist letter as well as a letter to the advertiser, to elicit the most effective response.

Phishing fraud involves one less step than its counterpart. Because a legal cease-and-desist is not required of the brand owner – and because ISPs are responsible for any fraudulent content on their network – MarkMonitor sends a notification on your behalf about the hosted phishing content, provides the URL and IP address and asks that it be removed.

The process looks like this:

  1. Shutdown request sent to ISP (Telco for phone numbers)
  2. Notification to domain owner or registrar
  3. Escalations to host country CERT, as needed

MarkMonitor understands this process and ensures that each type of request, letter and report uses the correct language and tone to affect an effective resolution.

When proof of malicious intent is lacking, a brand infringement enforcement should be employed. When proof of fraudulent activity is present, MarkMonitor can employ a fraud enforcement. Traditional phishing sites have a six to ten-hour median shutdown times.

To learn more, watch our on-demand webinar: Brand and AntiFraud Enforcement Strategies.