By Tom Wells
Introduction
Does the below situation sound familiar?
- You become aware of a phishing scheme targeting your company via a malicious domain name.
- You take legal action to shut down and reclaim the problematic domain name.
- You then become aware of a new malicious domain name registered by the same bad actor who registered the domain name you just reclaimed.
What should you do at this point?
First of all – you are not alone.
In fact, experts have found that malicious registrations and phishing emails continue to grow at an uncomfortable pace – phishing attacks increased by 65% between 2022 and 20231. To make matters worse, many bad actors are very knowledgeable of domain name processes allowing them to evade prosecution and repeatedly target a particular company.
Secondly – the previous efforts to reclaim malicious domain names are not lost and there are several ways to resolve the situation.
The FairWinds team has decades of experience fighting domain name bad actors in order to protect our clients’ brand reputations. Based on our experiences, most attacks on a brand are performed by less organized infringers that will simply give up on targeting the same brand or company after one or two of their domain names are shut down. However, while rare, others are more persistent. If your brand is the target of a more organized and persistent bad actor, what can you do? The bad news is that once a bad actor invests significant time in building a profile that targets a specific brand, usually via email phishing scams enabled by domain names that are confusingly similar to the target brand and/or via a web of fraudulent sites, he/she is more likely to try and continue the scam through a different domain name once the original one is taken away. The good news is that they won’t continue forever. It’s a matter of showing the infringer that the brand stands firm and continues its enforcement efforts. Eventually, based on our experience, the infringer will move on to a target that is less skilled in terms of domain name reclaim and online enforcement options.
Now, in order to get to the desired result of the bad actor backing down, brands can either get there through one or several reclaim avenues (e.g., UDRP filings) or via court or law enforcement action.
Strategies to Fight Bad Actors
As such, below are the two main strategies to fight domain-infringing behavior:
Option 1: File DMCA takedown notices to remove MX records and take down websites, and file UDRPs to take full control over the domain name(s) when the infringer chooses not to comply.
| Mechanism | Requirements | Results |
| DMCA Takedown | Evidence of malicious emails, e.g., copy of phishing email. Evidence of fraudulent web content. | When successful, removes the domain name’s email functionality and/or taking down the website thus resolving the phishing issue. |
| UDRP | Trademark registration certificate and evidence of brand reputation to prove the company’s rights incorporated in a comprehensive UDRP complaint. | When successful, exposes the identity of the registrant and transfers the domain name to your company thus mitigating the risk of further malicious activity via that domain name. A single UDRP can also be filed against multiple domains held by a single registrant. |
The combination of the two curative measures mitigates the risks presented by the malicious domain name. This sends a message to the registrant that the brand does not back down and has the means to continue standing up against this type of use, thus creating obstacles to the registrant’s bad faith operations. By taking the domain name out of the registrant’s hands, any prior emails to unsuspecting targets will get disrupted before additional damage can be done.
According to FairWinds domain enforcement counsel, Jeanette Eriksson, “when a brand responds by taking direct action, and does so consistently when needed, the absolute majority of infringers simply realize that it’s time to move on.”
This approach requires patience until the registrant moves on to a brand that isn’t as determined to fight back and efficient at handling domain name infringements.
Option 2: Request a court in the registrant’s country to issue an injunction against the registrant, registrar, and/or hosting provider.
| Mechanism | Requirements | Results |
| Injunction via Court | Trademark rights in registrant’s country, proof of harm from the scam, and use of local counsel to prepare a complaint and manage the procedure and/or law enforcement. | When successful, exposes the identity of the registrant and may be able to addresses the fraudulent activity at the source and recover damages. However, there are service providers who help bad actors defy or flat out ignore court orders, which makes the process more complicated and certainly more costly. |
In other words, the route of UDRP filing(s) and hosting provider takedown(s) (DMCA in the US), in the majority of scenarios, is the most efficient approach from a time and cost perspective. But when should you move away from DMCA takedowns and UDRPs to focus on an injunction? Ultimately, an injunction should be reserved for situations where:
- The registrant is persistent and has not given up after 4 or more UDRPs and/or takedowns, and
- The actual damage is large enough to justify the much higher cost of litigation.
Litigation could range from $20,000 up to $50,000 or more and requires a time investment, so this approach should be reserved for the most critical cases that target your highest priority trademarks and cause the most reputational, financial or business harm.
If your brand is in this situation, the FairWinds Partners team is available for consultation upon request to identify which course of action will be most efficient and effective for your specific situation and brand strategy. Contact us here.