TYPOSCAMS! PHISHING! TYPOSQUATTING In Light Of COVID-19 – Watch What You Read! – Criminal Law | #phishing | #scams



To print this article, all you need is to be registered or login on Mondaq.com.

Hello, this is @#&% from &*&^
Bank, you are being given a loan of Rs.
5,00,000!!

Hi, this is ABCD from XYZ Credit Card Company,
you have been selected for a cash prize of 1,00,000
rupees
!”

Many of us have at one point of time or the other disconnected
such unsolicited calls in frustration. Unsolicited calls for such
‘scams’ have been there for decades. Additionally, we also
receive innumerable unsolicited e-mails from a variety of
enterprises, many of which are blatantly scams, that we are
constrained to delete from our inboxes on a daily basis.
Correspondingly, there have been increasing number of initiatives
to make the general public cautious and aware of such scams and
have the presence of mind not to fall into such traps.

However, con-artists/criminals/scammers/ ‘phishers’,
trying to keep a step ahead of security practices, have come up
with ingenious and nefarious new methodologies to trap users -
which have brought to the fore concepts such as
“typosquatting”. While this is not a new concept, this is
something which assumes great importance in this day and age, when
such scams/phishing can spill-over in the pharma world/industry due
to the prevalence of COVID-19 and vaccines and
such.

“Typo-Phishing”, “Typoscams” or
“Typosquatting”

“Typo-phishing” or “typo-squatting” is not a
new menace, but has reared its ugly head in this time of global
crisis in the face of the COVID-19 pandemic. Internet users can be
targeted to disclose personal information under the guise of
medical assistance or for registering for an ever elusive
vaccine.

The perpetrators of such typoscams are well aware that most busy
individuals do not have the time to carefully scrutinize each and
every email dropping into their flooded inboxes. Therefore, we
prioritize our attention on emails we believe are likely to be
necessary or urgent, such as those from banks, hospitals, medical
institutions, financial institutions, educational institutions,
etc. Knowing this, ‘phishers’ attempt to capture our
attention by engaging in ‘typosquatting’.

In such cases, the perpetrators tend to register a domain name
which closely resembles the official websites of such institutions,
and/or host websites thereon which may be identical or closely
similar to the original ones. From the said websites, the phishers
may then send emails which may even be very similar to original
emails from these institutions, with the intention of duping users
to divulging confidential personal information (such as card
numbers, passwords, bank details, etc.) towards eventually
depriving the users of their money. The high quality and deceptive
similarity of some of these websites/emails is the core threat of
typo-squatting cases. As phishers become cleverer and
sophisticated, in some cases it becomes VERY DIFFICULT to
distinguish fake from real. For example, a user desperately
searching for vaccines and related information, may easily be
misled into providing critical personal details to a ‘fake’
website such as AZTRAZENECA.COM or
PIFZER.COM and/or email IDs associated with such
websites/domains.

It is very easy, for even highly educated and aware customers,
to get fooled by such typo-squatters who may adopt such and similar
tactics. It is a common cognitive error wherein readers comprehend
the entirety of the text based on a few familiar letters, despite
spelling errors and other misplaced letters therein. For example,
it is very easy to confuse ‘AstraZeneca
and ‘AztraZeneca‘, especially if it is in
an email/website/SMS, and particularly for those anxious under
present circumstances to get vaccinated.

Therefore, skilled typo-squatting can lead to very serious
crimes, including but not limited to identity theft, fraud and
financial scams, theft of intellectual property, theft of
confidential business information, and even (as indicated by the
above example) frauds having undesired, perhaps even dangerous,
medical consequences.

[For more information about examples of such Cyber Theft and
the laws governing such cyber-crime in India, please refer to

https://ssrana.in/articles/cyber-theft-a-serious-concern-in-india/
.]

DOMAIN NAME ARBITRATION – A SOLUTION TO OBTAIN SUCH DOMAIN
NAMES

Typo-squatting has come before domain arbitration forums, such
as the WIPO Arbitration and Mediation Center (for gTLDs such as
.COM, .NET, etc., domains) and NIXI in India (for ccTLDs such as
.IN and .CO.IN) for a long time. Many brand owners may opt to take
more stringent measures such as filing lawsuits/ criminal
complaints or ‘soft’ measures such as sending cease &
desist letters to such typo-squatters, however a better option (in
cases where a  typo-squatting domain is the sole instance of
infringement) is to file domain complaints, as they not only result
in cessation of use of the fraudulent activity, but also lead to
transfer of the domain names to the brand owners, at the fraction
of the cost of litigation.

UDRP (Uniform Domain-Name Dispute-Resolution Policy) on
Typo-squatting and Typoscams

Typosquatting has been recognised in numerous decisions under
the UDRP. Under the UDRP, three elements have to
be established (domain name is similar/identical to a trade mark or
service name; respondent lacks any legitimate rights or interest;
and use and registration of the domain name is in bad faith). It is
evident that such domain names are similar/identical to trade names
or trademarks, and it would be difficult for typo-squatters to come
up with arguments justifying that they are making legitimate or
fair use of such similar/identical domain names and that the same
are not in fact bad faith registrations.

In fact, an example of how typosquatting can lead to big
problems in today’s pandemic-ridden world is when it extends to
the pharmaceutical industry. In 2005, AstraZeneca
AB
, the co-creators of the
Covishield” vaccine had to file a UDRP
domain complaint to recover the domain names
ASTRASENECA.COM and
AZTRAZENECA.CO1 (as mentioned earlier
as an example), which were basically the name
AstraZeneca‘ with minor typographical
errors. One can imagine the havoc a typo-squatter could have
wreaked in 2020-2021, if these domain names/websites had been
allowed to be around for purposes such as phishing or identity
theft. Even Pfizer Inc., a maker of another
COVID-19 vaccine, had to tackle a similar instance back in 2006,
for the domain name PIFZER.COM2. In
both these cases, the respective WIPO panels had recognised
typosquatting.

INDRP (.IN Domain Name Dispute Resolution Policy) on
Typosquatting

Typosquatting has also been recognized in decisions under the
INDRP, including but not limited to the ones below:





S.No. Trade Mark Domain Name Case No.
1. SKYSCANNER SkySkanner.co.in INDRP/ 1219
2. Formula 1 Formule1.in INDRP/960
3. MICROSOFT Micorsoft.in INDRP/517

Thus, if facing a “typosquatting” problem with respect
to .IN or a .CO.IN domain
name/website, brand holders have the viable option of filing a
complaint under the INDRP before NIXI, to recover the said domain
name/s.

CONCLUSION

Thus there is a big potential of misuse/fraud via typosquatting
in domain names, including (as depicted above) with respect to the
pharmaceutical industry. Perpetrators may be able to dupe unknowing
members of the public into leaking confidential medical, financial
and personal records. A good option for recovering such infringing
domain names by brand owners is by filing domain complaints -
provided no active or hazardous fraud is being perpetuated by the
domain name, as in those cases, a lawsuit (for interim injunction)
or a complaint with the cyber cell would be a more comprehensive
option.

In conclusion, it is imperative for the general public to be
wary of such scams and read content in emails or over the Internet
very carefully, especially if it concerns topics such as medical
care, vaccinations, pharmaceuticals, financial information,
educational information, etc.

[For more information regarding how to spot such instances
of phishing, please refer to our earlier article at
https://ssrana.in/articles/emerging-frauds-digital-world/
.]

Concurrently, it is also important for brand owners to conduct
timely due diligence and take reports of fraud regarding such
phishing and typosquatting seriously, as the same is likely not
only damage their goodwill and reputation, but cause actual harm to
the general public.

Footnotes

1.
AstraZeneca AB v. Alvaro Collazo [Case No.
D2005-0367
], available at https://www.wipo.int/amc/en/domains/decisions/html/2005/d2005-0367.html.

2.
Pfizer Inc. v. Registrant [Case No. D2006-1646],
available at https://www.wipo.int/amc/en/domains/decisions/html/2006/d2006-1646.html.

Related Posts

VAC-SINNERS @ WORK: THE RISE OF ONLINE VACCINATION
SCAMS

Counterfeiting of Anti-Covid Medicines

Cyber Crime during Coronavirus Pandemic

For further information please contact at S.S Rana &
Co. email: info@ssrana.in or call at (+91- 11 4012 3000).
Our website can be accessed at
www.ssrana.in

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

seventy five − = 71