Building

The last Decade in IP (2): The Mind’s Eye Strategy

In my last article, I explained one of the most cost-effective Intellectual Property protection strategies that a brand holder could deploy, that of education, education, education.

2017-10-19

by Stuart Fuller (CentralNic)

By arming their loyalist customers, the brand advocates, many organizations are effectively outsourcing a significant amount of the detection and reporting of IP infringement whilst in the process creating stronger bonds with the brand itself.

If that was a truly replicable and effective strategy across all verticals and for all companies then the world would be a happier place. Unfortunately, IP infringement is significantly more pervasive and impacts almost every organization at some level and so brand holders need to have other options over and above the basics of educating customers on the pitfalls of buying counterfeit items.

As much as they would like to, it is inconceivable for a IP rights holder to wage war on every infringement that could possibly be out there both online and offline. Some organizations will turn a blind eye to issues, others are completely ignorant of the problems. Many brand holders will dip their toe into the world of brand protection, taking action against a small number of infringers, potentially those who appear to be having the most damage on the brand and its IP.

The right brand protection strategy for one brand holder may be completely unsuitable for another, based on the resources they have at their disposal, their industry, their appetite for eliminating the problems and the damage the abuse is causing to revenues, reputation and ultimately customer confidence. An alternative and often additional approach to the Education Strategy is the Mind’s Eye Strategy where the limited resources of an organization are focused on a small number of intellectual property infringers who appear to be responsible for the volume of infringements. Doesn’t sound like rocket science does it, but you will be surprised how often organizations try to boil the ocean with a scattergun approach and overcommit themselves, essentially setting themselves up for failure before they really begin. In other words, an organization needs to pick its battles carefully, ones where the return on investment is clear to see.

One vertical that not only faces the biggest issues from abusers but also the biggest impact is the finance sector. It took years of education and marketing spend from some of the biggest organizations in the world to build trust in the Internet. Fifteen years ago, the Internet was still viewed by many consumers as a lawless place, somewhere where cyber criminals lurked around every virtual corner. Today, our attitudes may have changed but the threats are still even more real. Despite that we will happily share personal and even financial information at the touch of a button, using apps on our smartphones as part of the connected generation. In our quest to become more engaged, more liked, more present, we will often accept requests on popular Social Media networks to become “friends” with people we barely know. We will intentionally, or more often than not unintentionally, share the most personal of details with people we have never met before. Herein lies one of the fundamental threats posed by the Internet and one of the reasons why cybercrime is showing no sign of abating.

Talk to any Chief Security Officer at a financial institution today and he will tell you the bad guys rarely come through the front door these days. The biggest threats come from those who hide behind a mask of ones and zeros and rarely commit the crimes themselves. These cyber criminals devote their life to beating the banks but the financial institutions greatest weakness is actually their own customers.

One of the biggest threats to financial institutions today is phishing. This involves fraudsters pretending to be from a legitimate organization, such as a bank, sending misleading emails that request personal and financial details from unsuspecting people. Phishing is usually associated with spam, whereby thousands of messages are sent out in the hope that a few people will be caught and supply their financial and personal details. The reason why this type of infringement is still so popular is that it costs virtually nothing to perpetrate, yet the gains can be significant, even if the fraudster only tricks one victim. For a bank, being able to stop phishing attacks represents a huge win-win. Their clients (and their cash) remain protected, whilst confidence in their commitment to security and protection rises.

Banks are seen as fair game by the perpetrators, who are constantly looking at ways to take advantage of their intellectual property. Unfortunately, phishing still appears to be a growing trend. According to the Anti-Phishing Working Group’s 2016 H4 Study (www.antiphishing.org), there were over 92,500 phishing attacks per month, the highest number for over five years and a 65% increase in the last twelve months. Banks and financial payment services (30%) and e-commerce websites (42%) being the most frequently targets. The key to stopping phishing before it can cause any damage is identifying any domain names that are registered to deliver the phishing attack.

Many organizations use domain name monitoring tools to provide valuable intelligence in combatting intellectual property abuse. Understanding where third parties are registering domain names that infringe existing IP or are confusingly similar and could be used to deceive others is a central part of a Mind’s Eye Strategy. A domain name is often at the core of all online infringements. However, it should be remembered that domain names can be registered in a matter of minutes, with damaging content appearing on the Internet within hours that will not be picked up by even the most robust domain monitoring strategy for at least 24 hours. Many of the domain names registered for these attacks don’t actually match existing IP – numbers are used instead of letters to hoodwink people. Not convinced? Try seeing how long it takes for your brain to read the following: -

“7H15 M3554G3 53RV35 7O PROV3 H0W 0UR M1ND5 C4N D0 4M4Z1NG 7H1NG5!”

Again, referring back to the APWG’s H4 2016 report only a small number of phishing attacks use domain names that were confusingly similar at the second-level (ranging from 3% to 4% of all attacks).

“A relatively low percentage of phishing websites targeting a brand attempt to spoof that brand in the domain name—whether at the second-level or in the fully-qualified domain name,” says Jonathan Matkowsky, VP for intellectual property & brand security at RiskIQ.

Phishers do not need to use clever domains names to fool Internet users into visiting their sites. Instead, users are often fooled by hyperlinks (which must be hovered over to even see the destination domain), URL shorteners, which mask the destination domain, or brand names inserted elsewhere in the URL.

This is the major issue facing not only the IP rights holder but also brand protection companies who need to try to stop the issue at source. Using a domain name monitoring solution that not only focuses on exact and near match domain name registrations but also some of the common typos such as where ‘0’ is used instead of ‘O’, ‘3’ instead of an ‘E’ and ‘1’ instead of an ‘I’. The cyber criminals need to make the domain name registrations confusingly similar and as we have seen from the message above, our brains have ways to trick us into understanding something that doesn’t exist.

The Mind’s Eye Strategy is a starting point for any intellectual property protection. It is rarely one used in isolation, rather forming part of an overall battle plan against IP infringement and one that requires quick action. However, it is vitally important for the protection of clients as well as reputational damage.

Share this content on social media channels!