May 9, 2024 - by Phil Lodico
This article first appeared on Forbes Business Council on April 8, 2024.
The responsibility to protect one’s brand from bad actors has always existed. With the commercialization of the Internet over 20 years ago, the importance of brand protection has been ever-growing.
Over the past two decades, Internet users, consumers and businesses alike have become reliant on online interactions and have expected speed and ease. In an age of 24x7 digital availability, many now engage with digital technology with ferocity. However, this intense engagement has opened new opportunities for bad actors who use a company’s own domain names to harm the company and its customers.
Domain names are virtual doorways to a company’s website. An often-missed risk to domain security is that companies cannot control how customers seek to find them. As head of a domain registrar, I’ve seen how corporations pour millions of dollars into cybersecurity technology and human resources, yet miss the crucial importance of protecting their brands' security by accounting for the variation of human behavior.
An organization that owns thousands of domains to promote its products and services undoubtedly has a plan for how they’ll be using them. However, those best-laid plans can dissolve if their legitimate, properly spelled domains do not surface when someone types into a browser search bar. Even the most advanced security apparatus cannot control how someone will search online.
Bad actors capitalize on this kind of variation in users' search behavior to steal traffic meant to benefit genuine brands. Fraudsters can buy related or slightly off-brand domains—even those including another’s company name—to capture inquiries and sales meant for another organization. Even if the rogue company only uses the shady domains briefly until the brand owner picks up on the activity and shuts it down, there has possibly been brand and financial damage done to the legitimate brand holder. Plus, the legitimate brand owner may have to hire lawyers or tie up internal legal resources to make the unauthorized activity stop.
The security risks don’t stop there, because other problems can result from somebody registering similar domain names and using them in phishing or spoofing attacks, where an email goes out to a list of people to “hook” them into a sneaky scam to steal data or money. Most companies have no knowledge of this before it happens and have virtually no control over the perpetrator. Regardless, those illicit, unauthorized emails are misusing the trust of the legitimate brand, leveraging the brand owner’s hard-earned credibility to swindle people. Unfortunately, bad actors always seem to be one step ahead, and their efforts are helped by the cheap price and ready accessibility of domains.
No amount of highway billboards, radio jingles or visual advertising is going to change the fact that consumers act as individuals. They are unpredictable. They may click on a spoofing or phishing email or take the bait when led to the wrong website. That’s tough news for brands intent on influencing people to visit their websites.
One solution is for companies to invest in both proactive and defensive domain registration programs to protect brands. Certainly, companies have neither desire nor budget to register every possible domain related to their brands. There’s science and art to deciding which domains an organization should register based upon their knowledge of consumer behavior.
The best approach is to factor the human variable into the domain strategy to protect and secure brands online, understanding that a wider net of domains may need to be cast to accommodate people’s unpredictability. This may require purchasing the organization’s domains to support its company, product and service names but also buying many domains defensively. Although the company may have no intention of publicly using these defensive domains, it can buy them so no one else can use them to harm its legitimate brands.
The good news is that purchasing domains is typically much cheaper than the cost of trying to buy them back or litigating brand infringement by others. Also, consider that by owning more domains that are vulnerable to illicit activity, the brand holder is likely to retain revenue that would be lost to illegitimate sources if they had been bought by bad actors.
Some companies manage and maintain their own domain portfolios. Others leverage assistance from a corporate domain registrar to help them select which domains to register based on historical analysis and future projects. Trying to understand how consumers conceptualize the company’s brand and how they are seeking it online is crucial. Refining the company’s domain strategy based on factors such as top-level domains and extensions, proximity and human search behavior will assist in determining which domains, including defensive ones, should be part of the company’s investment.
The following domain checklist can be useful for companies evaluating their domain choices. Using these criteria can help the organization plan its domain strategy and secure its brands online.
Domain Protection 101 Checklist
Ideally, the domain name portfolio will include all the company’s owned names, while also covering as many possible permutations defensively as the company can justify. That way, domains will provide doors to welcome consumers into the company’s circle of influence while locking bad actors out. People will always be unpredictable in their search behavior online, but by employing a judicious domain strategy that includes defensive domains, the company can protect its brands and effectively shore up domain security.
With more than 15 years of domain industry experience, Phil has long been a vocal advocate for brand owners’ rights. He was most recently Managing Partner at Fairwinds Partners, the industry’s leading domain name consultancy. While at Fairwinds Partners he advised multinational corporations on their domain name strategies to increase traffic, grow revenues, and improve online customer experiences. He has been actively involved in ICANN’s Business Constituency, was a member of ICANN’s 2009 Nominating Committee, and has served as Vice President of the Coalition Against Domain Name Abuse (CADNA). A graduate of Hobart College, he holds a bachelor’s degree in Economics and Psychology, receiving honors for his work in Consumer Choice Theory.