Domain Name Scams & Online Interaction Guide 101

Page created by Ron Clarke
 
CONTINUE READING
Domain Name Scams &
Online Interaction Guide 101

                               1
Domain Name Scams & Online Interaction Guide 101
A. Domain Name                                        brands or any other company, you need to
Domain Name plays an essential role in many           conduct due diligence, which may include:
businesses – and scammers – today. The                   i.  Check the verified Social Media pages
purpose of the domain name may include                       of such companies on whether such
online presence, trademark, custom email                     a promotion is taking place (some
address, public relations, control on possible               posts          addressing        such
domain name misuse by third parties, domain                  advertisements, if any).
hoarding/squatting,      domain      hijacking,         ii.  Search online for the organisation's
phishing, among others. Practices like                       actual domain name; ideally, you
hoarding or hijacking are prevalent in many                  search the organisation's name, and it
developed countries and slowly creeping into                 will likely get you the results of the
developing countries, either effected by                     domain name and access it to check
people in developed states or ingenious                      whether the promotion is mentioned
people in developing countries.                              or being advertised on the website.

Kenya citizens, among other African citizens,                 While conducting your online search,
need to understand how to interact with                       be careful as certain organisations
domain names – while the remark might                         may have low brand protection and
seem to look down upon African citizens, it                   online visibility; hence, the scammers
is essential to note that the developed                       may even have a better listing based
countries are equally facing similar challenges               on the Search Engine Optimization
regardless of the developed infrastructure                    (SEO) practices.
and communication channels. As a result,
Ong'anya Ombo Advocates LLP will provide               iii.   You may consider making two to
101 Guide Note on interacting with domain                     three calls to the company to confirm
names and related fields.                                     whether the advertisement or
                                                              promotion is proper. The option to
a) Cautious Approach                                          make two or three calls is to
The cautious approach simply requires a                       hopefully talk to two or three
website visitor or email recipient to be more                 different customer care service
careful when intending to interact with                       providers for different opinions
domain names. A malicious person (MP)                         concerning the advertisement or
understands that issues that trigger a person's               promotion.
mind are related to gifts or money. In that
regard, the MP will develop a strategic               b) Domain Name Scare to Register
scheme that informs people that a specific            Domain Name Scare to Register occurs as a
well-known brand is issuing gifts or monetary         result of the Online Brand Protection. In
awards to the public upon taking a particular         most instances, big brands or financially
action. It is important to note that famous           stable organisations will register more than
brands like Safaricom, Carrefour, EABL,               100 domain names; thus, both the country
Amazon, Facebook, among others, will use              code Top Level Domain (ccTLD) and
visible models of marketing to access the             general Top-Level Domain (gTLD).
needed audience and not – for instance –              However, for smaller organisations, those
through WhatsApp forward messages,                    with low budget, less interested in online
premium rate services, among others.                  branding, or lack knowledge on Online
                                                      Branding are likely to focus on one or a few
Once you receive a message indicating that            domain names that can be put to use – and
there is an ongoing promotion by these                these are the organisations or individuals that
                                                      are likely to be targeted by individuals

                                                  1
focusing on scaring them to buying domain           domain waterwatadoe.com may be
names that they are not interested in               registered with a slight modification with
purchasing.                                         win-waterwatadoe.com. whereby the
                                                    “win-” seem to appear as a related or a form
c) Domain Name Authentication                       of subdomain when it is not related or a
Domain Name Authentication is a process             subdomain of waterwatadoe.com.
conducted to understand whether the
domain name that one is about to access is          Domain Name Authentication can be
genuine or the email received from the              through:
organisation that one has in mind. Initially,          i.  WhoIs Search:
while addressing the "Logical Reasoning,"                    a. ICANN:
there are initial steps that one can take to                     https://lookup.icann.org – it
confirm the domain name. However, for                            is suitable for gTLD
certain organisations, the domain name                       b. Domain                 Tools:
might be johndoe.com, but the emails are                         https://whois.domaintools.c
sent via johndoe.net, email.johndoe.com, or                      om – it is ideal for both
johndoe.app, among other options.                                ccTLD and gTLD

The first step is to use your search engine                         gTLD refers to .com, .org,
(search engine includes Google, Bing,                               .net, .app, among others.
Yandex, Yahoo, Baidu, YouTube, Facebook.                            ccTLD refer to .co.ke, .ca,
However, for purposes of this discussion,                           .ru, co.za, among others.
Google, Bing, Yahoo will be the best options)
to check the organisation name, hoping the                          In certain instances, it is likely
domain name will appear on the search                               to     find     that      certain
engine pages and access the link.                                   organisations have requested
                                                                    the              organisation's
One needs to factor organisation’s age and                          information be redacted for
domain name age as well. In doing so, it will                       privacy reasons based on
be odd that a well-established organisation                         Privacy Laws or internal
has a new domain or the data in its profile                         policies of the domain
does not relate to the organisation. However,                       registrar – and country where
in certain instances, well-established brands                       the domain registrar is
will have new domain names; for instance, in                        located.
Kenya, Barclays Bank Kenya Plc was recently           ii.   Calling the Organisation.
rebranded to Absa Bank Kenya Plc;                    iii.   Checking the Help/ Community
JamiiBora Bank Limited was recently                         Forums of the organisation.
rebranded to Kingdom Bank; Gulf Energy,                     Community forums are common in
Kenol-Kobil were rebranded to RUBiS. It is                  big organisations like Facebook,
essential to consider that online scammers                  Twitter, PayPal, Google, among
take advantage of these opportunities to                    others.
swindle unsuspecting individuals or
organisations during such rebranding                d) Website Verification
processes. For instance, a business using a         Website Verification is quite different from
domain like waterwatadoe.com can be                 Domain Name Verification; however,
malicious represented by an MP as                   verification of one may establish the reason
vvaterwatadoe.com                          or       whether to trust or not trust the other – but
watervvatadoe.com – in these two                    not all the time. In a few instances, someone
examples, the letter “w” has been switched to       might have access to the emailing database of
double “vv” to make it appear as “w” to             a company and release the email through the
unsuspecting person. In other instances, the        official email of the organisation, which

                                                2
means the domain name will check out;                   auto-installs in the designated gadget and, if
            however, at the reply option, the email                 possible, encrypt the servers' of the whole
            address is different from the sender's email            organisation, on the other hand, for phishing
            address, which means that when responding,              purposes, the link will redirect the recipient
            the owner (victim one) of the account will              of the email to a different domain name,
            not know about the communication going on               probably with slight adjustments from the
            between the third party (victim two) and the            original domain name, with a website that is
            scammer.                                                better, similar or strikingly similar to the
                                                                    original one requesting the person to key in
            Once you receive an email, it is essential to           certain information.
            check the upper bar of the email to confirm
            whether the email “from” matches with                   It is important that when such
            “reply to.” While there are unique instances            communications are received, the recipient
            when there might be a difference, this is not           verifies with the relevant organisations,
            common. Emails with such differences                    departmental heads, or teammates on
            should be treated with caution. Considering             whether the email was drafted and sent by the
            that a domain name on "from" differs from               sender/undersigned.
            "reply to," there is a likelihood that the
            receiver of that email is about to be scammed           It is advisable to adopt the use reputable
            or data phished.                                        Virtual Private Network (VPN) when using
                                                                    internet. The best VPNs are considered to
            Phishing of data and system encryption by               provide the best encryption that blinds the
            ransomware results from such email                      hackers from intercepting in and out flow of
            communications when one clicks a link that              data from the gadget.
            either automatically downloads a file that

DISCLAIMER: Take note that the information herein is not intended to serve as a legal opinion or advise, and should you need
any clarity or understanding of what this information is about, you are advised to seek professional advice from your legal
                                                                3
advisor, lawyer, or the professional person that you deem fit in reference to the questions that you have. In addition, you agree
that, should you rely on this information, you shall not hold us liable, be it directly or indirectly.
Ong’anya Ombo Advocates LLP,
       4th Floor, Windsor House,
             University Way,
        P.O. Box 15598 – 00400,
              Nairobi, KE.

          m: +254 703 672 515
      e: hello@onganyaombo.com
       w: www.onganyaombo.com

    Ong’anya Ombo Advocates LLP © 2021

4
You can also read