Ready or not, Web 3 is coming and with it comes new potential threats

Tim Brown at Com Laude explains how organisations need to combat the risks of cybersquatting and typosquatting

 

Web 3 will see the internet shift to a decentralised model where users have greater control over their data and privacy. In addition, because of its potential to create new experiences for consumers in the metaverse, and the potential to provide additional avenues for business to sell their products, Web 3, or the next generation of the internet is incredibly valuable to brands.

 

Just like how domain names were invented because people found remembering long strings of IP numbers difficult, a blockchain domain is an easy-to-remember address for storing data on the blockchain. As a result, blockchain domains represent a core element of getting Web 3 ready.

 

There are three types of blockchain domains today, which together have almost seven million combined registrations - Ethereum, Handshake and Unstoppable. However, despite record-breaking numbers of brands moving to Web 3, there are criminals whose only objective in terms of domain registrations is to profit from someone else’s hard work and IP, or to launch their malicious schemes.

 

Protecting your brand and customers involves understanding the different threats posed by criminals and considering how and when to protect and secure brands on the blockchain must begin to feature in strategy discussions.

 

Cybersquatting 2.0

“Cybersquatting” is the practice of registering names, especially well-known company or brand names, as internet domains, in the hope of reselling them at a profit.

 

Cybersquatters have been executing this type of criminal activity long before Web 3. For example, back in 2019 TikTok became a target of cyber criminals who anticipated the brand’s popularity and purchased the domain . This resulted in a large-scale legal battle, which came with a significant financial hit to the business. While TikTok’s fame made it more susceptible to cybersquatters, no industry is safe and almost every brand has the potential to be exploited.

 

As we enter the next evolution of the internet, the risks associated with cybersquatting do not disappear - enter cybersquatting 2.0. It’s very likely we’ll now see cybercriminals prey on current lack of Web 3 understanding and purchase popular domain names in the hope of financial reward when they are in demand by the brand itself. Effectively holding brands to ransom. 

 

On top of this, with no formal reclaim process for domains in Web 3 and registrants remaining anonymous, brand and trademark issues become much trickier to resolve.

 

All eyes on typosquatting

There has also been a spike in instances of typosquatting. Simply put, typosquatting, is a form of cybersquatting that targets internet users who incorrectly type a website address into their web browser. Typosquatting is a real threat because our brains learn to take a shortcut when we read text.

 

In other words, we often see and comprehend words that aren’t there. Our brains take the first letter and the last letter, and then fill in the gaps.

 

Want proof? Try reading this sentence:

 

“Our rscheearch sohws the huamn barin can raed it eevn if it looks a toatl mses”

 

It’s this principle that underpins the strategy of a typo-squatter. They use this knowledge to register domain names that are used to damage the revenue and reputation of IP and brand holders.

 

In our current iteration of the internet, many consider registering the most critical keywords to a business across all available domains is the best approach. While that may protect against a high level of abuse, it is expensive and does not take into consideration spelling mistakes or even the use of hyphens to break up keywords.

 

Reeling in phishing

Phishing is another threat where the effects can be felt across the entire organisation. As you may have noticed from the previous examples, this involves the targeting of your brand via a confusingly similar domain name. However, in this case, criminals are impersonating another business in order to steal and abuse confidential data.

 

The decentralised website may be an exact carbon copy of yours, except someone is using your brand name to collect your customers’ personal details. This could be through a promotion complete with an online form. As with most domain name abuse, the result has a negative impact on your business and affected customers don’t tend to be very forgiving.

 

To make matters worse, because blockchain domain registrants are anonymous, and without a formal reclaim process, brands are left wondering how to negotiate with an owner. As a result, traffic to the phishing site will continue long after the scam is discovered.

 

Getting prepared to enter Web 3

Given the anonymous, decentralised and unregulated nature of the blockchain, there are currently few solutions available to stop third parties from registering and using blockchain domain names that reflect another party’s trademark.

 

The usual regulations found in the IP world do not currently exist for this space. Blockchain domain naming services do not provide any dispute resolution proceedings meaning a rights owner has no recourse to complain over an IP issue.

 

Organisations need to be aware and proactive to take targeted action should their brand be hijacked by these cyber criminals. They must create a strategy for managing their brand presence in Web 3 and take steps to avoid cyber criminals sitting on their domain. Brands must decide first what they want to achieve in Web 3 and what infringers are most likely to do if they do not act.

 

For those brands who are not ready to establish their presence or have not fallen victim to any malicious acts, they must at the least form a plan - even if that plan is to do nothing but monitor developments for the moment.

 

Working with a domain name specialist will ensure organisations have a trusted partner with the experience to guide them through a world that is complex and constantly evolving.

 

---

 

Tim Brown is Head of Brand Protection at Com Laude

 

Main image courtesy of iStockPhoto.com