Domain Name Scams & Online Interaction Guide 101
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Domain Name Scams & Online Interaction Guide 101 1
Domain Name Scams & Online Interaction Guide 101 A. Domain Name brands or any other company, you need to Domain Name plays an essential role in many conduct due diligence, which may include: businesses – and scammers – today. The i. Check the verified Social Media pages purpose of the domain name may include of such companies on whether such online presence, trademark, custom email a promotion is taking place (some address, public relations, control on possible posts addressing such domain name misuse by third parties, domain advertisements, if any). hoarding/squatting, domain hijacking, ii. Search online for the organisation's phishing, among others. Practices like actual domain name; ideally, you hoarding or hijacking are prevalent in many search the organisation's name, and it developed countries and slowly creeping into will likely get you the results of the developing countries, either effected by domain name and access it to check people in developed states or ingenious whether the promotion is mentioned people in developing countries. or being advertised on the website. Kenya citizens, among other African citizens, While conducting your online search, need to understand how to interact with be careful as certain organisations domain names – while the remark might may have low brand protection and seem to look down upon African citizens, it online visibility; hence, the scammers is essential to note that the developed may even have a better listing based countries are equally facing similar challenges on the Search Engine Optimization regardless of the developed infrastructure (SEO) practices. and communication channels. As a result, Ong'anya Ombo Advocates LLP will provide iii. You may consider making two to 101 Guide Note on interacting with domain three calls to the company to confirm names and related fields. whether the advertisement or promotion is proper. The option to a) Cautious Approach make two or three calls is to The cautious approach simply requires a hopefully talk to two or three website visitor or email recipient to be more different customer care service careful when intending to interact with providers for different opinions domain names. A malicious person (MP) concerning the advertisement or understands that issues that trigger a person's promotion. mind are related to gifts or money. In that regard, the MP will develop a strategic b) Domain Name Scare to Register scheme that informs people that a specific Domain Name Scare to Register occurs as a well-known brand is issuing gifts or monetary result of the Online Brand Protection. In awards to the public upon taking a particular most instances, big brands or financially action. It is important to note that famous stable organisations will register more than brands like Safaricom, Carrefour, EABL, 100 domain names; thus, both the country Amazon, Facebook, among others, will use code Top Level Domain (ccTLD) and visible models of marketing to access the general Top-Level Domain (gTLD). needed audience and not – for instance – However, for smaller organisations, those through WhatsApp forward messages, with low budget, less interested in online premium rate services, among others. branding, or lack knowledge on Online Branding are likely to focus on one or a few Once you receive a message indicating that domain names that can be put to use – and there is an ongoing promotion by these these are the organisations or individuals that are likely to be targeted by individuals 1
focusing on scaring them to buying domain domain waterwatadoe.com may be names that they are not interested in registered with a slight modification with purchasing. win-waterwatadoe.com. whereby the “win-” seem to appear as a related or a form c) Domain Name Authentication of subdomain when it is not related or a Domain Name Authentication is a process subdomain of waterwatadoe.com. conducted to understand whether the domain name that one is about to access is Domain Name Authentication can be genuine or the email received from the through: organisation that one has in mind. Initially, i. WhoIs Search: while addressing the "Logical Reasoning," a. ICANN: there are initial steps that one can take to https://lookup.icann.org – it confirm the domain name. However, for is suitable for gTLD certain organisations, the domain name b. Domain Tools: might be johndoe.com, but the emails are https://whois.domaintools.c sent via johndoe.net, email.johndoe.com, or om – it is ideal for both johndoe.app, among other options. ccTLD and gTLD The first step is to use your search engine gTLD refers to .com, .org, (search engine includes Google, Bing, .net, .app, among others. Yandex, Yahoo, Baidu, YouTube, Facebook. ccTLD refer to .co.ke, .ca, However, for purposes of this discussion, .ru, co.za, among others. Google, Bing, Yahoo will be the best options) to check the organisation name, hoping the In certain instances, it is likely domain name will appear on the search to find that certain engine pages and access the link. organisations have requested the organisation's One needs to factor organisation’s age and information be redacted for domain name age as well. In doing so, it will privacy reasons based on be odd that a well-established organisation Privacy Laws or internal has a new domain or the data in its profile policies of the domain does not relate to the organisation. However, registrar – and country where in certain instances, well-established brands the domain registrar is will have new domain names; for instance, in located. Kenya, Barclays Bank Kenya Plc was recently ii. Calling the Organisation. rebranded to Absa Bank Kenya Plc; iii. Checking the Help/ Community JamiiBora Bank Limited was recently Forums of the organisation. rebranded to Kingdom Bank; Gulf Energy, Community forums are common in Kenol-Kobil were rebranded to RUBiS. It is big organisations like Facebook, essential to consider that online scammers Twitter, PayPal, Google, among take advantage of these opportunities to others. swindle unsuspecting individuals or organisations during such rebranding d) Website Verification processes. For instance, a business using a Website Verification is quite different from domain like waterwatadoe.com can be Domain Name Verification; however, malicious represented by an MP as verification of one may establish the reason vvaterwatadoe.com or whether to trust or not trust the other – but watervvatadoe.com – in these two not all the time. In a few instances, someone examples, the letter “w” has been switched to might have access to the emailing database of double “vv” to make it appear as “w” to a company and release the email through the unsuspecting person. In other instances, the official email of the organisation, which 2
means the domain name will check out; auto-installs in the designated gadget and, if however, at the reply option, the email possible, encrypt the servers' of the whole address is different from the sender's email organisation, on the other hand, for phishing address, which means that when responding, purposes, the link will redirect the recipient the owner (victim one) of the account will of the email to a different domain name, not know about the communication going on probably with slight adjustments from the between the third party (victim two) and the original domain name, with a website that is scammer. better, similar or strikingly similar to the original one requesting the person to key in Once you receive an email, it is essential to certain information. check the upper bar of the email to confirm whether the email “from” matches with It is important that when such “reply to.” While there are unique instances communications are received, the recipient when there might be a difference, this is not verifies with the relevant organisations, common. Emails with such differences departmental heads, or teammates on should be treated with caution. Considering whether the email was drafted and sent by the that a domain name on "from" differs from sender/undersigned. "reply to," there is a likelihood that the receiver of that email is about to be scammed It is advisable to adopt the use reputable or data phished. Virtual Private Network (VPN) when using internet. The best VPNs are considered to Phishing of data and system encryption by provide the best encryption that blinds the ransomware results from such email hackers from intercepting in and out flow of communications when one clicks a link that data from the gadget. either automatically downloads a file that DISCLAIMER: Take note that the information herein is not intended to serve as a legal opinion or advise, and should you need any clarity or understanding of what this information is about, you are advised to seek professional advice from your legal 3 advisor, lawyer, or the professional person that you deem fit in reference to the questions that you have. In addition, you agree that, should you rely on this information, you shall not hold us liable, be it directly or indirectly.
Ong’anya Ombo Advocates LLP, 4th Floor, Windsor House, University Way, P.O. Box 15598 – 00400, Nairobi, KE. m: +254 703 672 515 e: hello@onganyaombo.com w: www.onganyaombo.com Ong’anya Ombo Advocates LLP © 2021 4
You can also read