Domain Name Violations and E-Mail Fraud: Solutions and Measures to Be Taken
CYBERSQUATTING – EMAIL SPOOFING – EMAIL FORGING
Cybersquatting is the abusive registration and use of a domain name that is confusingly similar to an existing trade mark. An example is AppleProducts.com (Figure 1), which clearly refers to Apple, Inc. even though ‘Apple’ is a generic term. Cybersquatters can engage in a wide range of illegal and illegitimate practices, including distributing malware, selling counterfeit goods, hosting phishing schemes, stealing identities, and monetising deceptive advertising schemes. They also often use highly sophisticated automated programmes to acquire internet domain names on a large scale, which means that they exploit internet users on a large scale.
Likewise, one of the major threats is Email Impersonation Scamming, or Email Spoofing: a cyber-attack in which potential or existing contacts are approached from a fake email ID that closely resembles the real one, impersonating a company or person. This attack is mostly carried out by first purchasing a domain name through the cybersquatting described above. With slightly more advanced knowledge, it is possible to send mail directly with a fake extension without this purchase. However, 99% of such mails are detected as spam by the system and fall into the junk folder. Therefore, legitimately registered e-mail addresses are used in such fraud cases.
In this attack, the aim is to produce similar e-mail addresses by purchasing a domain name that is very difficult to distinguish from the original, or by adding a relevant prefix or suffix to the domain name so that the main, generic name is reproduced exactly, and to use these addresses to impersonate business owners and managers. The target is usually senior employees in authorised positions; using these assumed identities, the attacker may ask victims to transfer money, pay bills or send sensitive data. This attack is also known as CEO Fraud.
In addition, there is another attack that works by changing the ‘From’ part of an email. This is called Email Forging. As a rule, each e-mail has two different senders. One address is called the ‘envelope sender’ and the other is set in the email header. The latter is known as the ‘From:’ header, which is normally displayed by email clients such as Microsoft Outlook. Unfortunately, cybercriminals can spoof the ‘From:’ header to trick email clients into displaying a name and email address belonging to your business. There are ways to prevent this (publishing and verifying SPF, DKIM and DMARC records), but these are advanced technical details and will not be detailed in this note.
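The two senders described above can be compared on the receiving side. The following is an added example, not part of the original note: it reads the envelope sender from the Return-Path header and the DMARC verdict from the Authentication-Results header of a constructed message. The domains, the `mx.example.org` server name and the simplified alignment rule are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the envelope sender and the visible From: disagree.
SAMPLE = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;\n"
    " dkim=none; dmarc=fail header.from=example.com\n"
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "To: accounts@example.org\n"
    "Subject: Updated bank details\n"
    "\n"
    "Please use the new IBAN for this invoice.\n"
)

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified relaxed alignment: equal, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def audit(raw, trusted_authserv="mx.example.org"):
    """Return a list of findings for one raw message; empty means nothing flagged."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    findings = []
    if not aligned(env_dom, from_dom):
        findings.append(f"envelope sender {env_dom or '?'} not aligned with From: {from_dom or '?'}")
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # ignore verdicts not stamped by our own mail server
        for key, val in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results[key.lower()] = val.lower()
    if not results:
        findings.append("no trusted Authentication-Results header")
    elif results.get("dmarc") != "pass":
        findings.append(f"dmarc={results.get('dmarc', 'missing')}")
    return findings
```

A mismatch between the envelope sender and the From: domain also occurs with legitimate bulk-mail services, so it is a signal for review; the DMARC verdict from the organisation's own mail server is the stronger indicator.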
SOLUTION SUGGESTIONS
TRADITIONAL METHODS
OPTION #1: FOLLOW AN ARBITRATION ROUTE THROUGH THE WIPO CHANNEL
The World Intellectual Property Organization (WIPO) is a globally known and authoritative organisation established to develop recommendations and methods to combat online abuses in domain name and trademark issues, to protect the rights of trademark owners and to create consumer confidence in global e-commerce. The institution has proven its success by producing a highly successful and effective online tool with the UDRP (Uniform Domain Name Dispute Resolution Policy), which it has optimised over time as an application process.
Nevertheless, the WIPO application process can be considered a very laborious, long-lasting and costly method. Even WIPO itself sometimes recommends ICANN (Internet Corporation for Assigned Names and Numbers), which is the highest level organisation where all domain names in the world have been registered compulsorily since day one, as a faster, highly efficient and cost-effective channel for cybersquatting and trademark infringements, depending on the circumstances of the case. WIPO has recently been working on a lighter and faster model called WIPO 3.0.
OPTION #2: LODGING A UDRP COMPLAINT THROUGH ICANN
Rightsholders may file infringement complaints using the Uniform Domain Name Dispute Resolution Policy (UDRP), a set of procedures ICANN has developed to resolve disputes. The UDRP requires a complainant to establish the following three elements:
The domain name must be confusingly similar to the complainant’s trade mark.
The registrant has no right or legitimate interest in the domain name.
The domain name must have been registered and used in ‘bad faith’.
If the UDRP complainant is successful in its claim, it may be able to have the disputed domain name transferred to its control or cancelled, but financial compensation is not available. To file a complaint, fill out the online form available on the ICANN website at the following link:
https://survey.clicktools.com/app/survey/response.jsp
However, there are avenues that must be exhausted before applying to ICANN. Complaints about an abusive domain name must first be reported to the registrar. Before filing an abuse complaint with ICANN, it is necessary to submit an abuse report to the registrar using the registrar’s published abuse contact information, to allow sufficient time for the registrar to review and respond, and to document this. To identify the registrar of a domain name, a search can be performed at https://lookup.icann.org/ (abuse contacts are listed in the ‘Registrar Information’ field); the abuse contact information should also be displayed on the registrar’s website.
NOTE: It would be costly for trade mark owners to file a UDRP application against each infringement as the number increases. Even if they did, the most severe penalty permitted under the UDRP is to force a cyber attacker to relinquish the disputed domain name that is currently the subject of the application. This is not a deterrent for cyber attackers with thousands of domain names, and they can easily replace the lost domain name with another infringing site.
OPTION #3: REGISTER ALL RELEVANT DOMAIN NAMES AS A MEANS OF DEFENCE
Trademark owners regularly register defensive domain names to keep them out of the hands of bad actors. However, bad actors can design an infinite number of possible domain names that contain misspellings or combine trademarks with other words. Attackers can purchase a variety of domain names with substituted letters similar to the organisation’s web domain names, or mimic the spelling using look-alike (homographic) characters (such as .conn instead of .com). Similar names with hard-to-detect differences in the URL can also be produced through script spoofing and skilful use of characters from another language, such as Cyrillic or Hebrew. One solution is to put oneself in the attacker’s shoes, purchase the domain names that contain transposed letters or common Cyrillic look-alikes, and redirect them back to the organisation’s home page.
SUPPORTING ACTIVITIES
NEW GENERATION METHODS
The actions recommended here are proactive technical and social solutions developed by our law firm over time. Because the Internet is an unrestricted environment with countless variations and options, it is inevitable that methods we might even call guerrilla action will be needed from time to time. To anticipate the attacker’s deceptive attacks, also called social engineering, it is necessary to put ourselves in his place and adopt an attacker’s mindset, staying one step ahead of him in order to protect our customers, potential relationships, and even our family and environment.
QR Code Solution
A barcode or QR Code, which the IT team can easily create, will be automatically added to every e-mail sent (like a mail signature), allowing the other party to confirm that the e-mail came from us and that we are officially the source of the communication. QR Code scanning is now very easy and is a widely known process, as it was used frequently in cafes and restaurants during the pandemic. Almost every phone can read a QR Code in seconds by simply pointing its camera at the code, without downloading any application.
Announcing this in a header in the e-mails (please scan the QR Code to make sure that this e-mail is from us) and also noting it in the mail disclaimer under the signature will protect us legally against many problems and hostility. However, to cover every possibility, adding control and approval steps to our company’s bank accounts, especially for foreign transfers and high-value movements, will be a complementary measure against such illegal money outflows.
IBAN frauds carried out in this context are one of the most common fraud methods. A similar version of the QR code solution can also be applied as a phishing code. A phishing code is an additional layer of security that allows you to ensure that the e-mail sent or received is sent from your own organisation or secure sender. In this context, the damages that may be caused by phishing messages sent via e-mail by giving the impression that they are shared by your organisation or malicious counterparties can be prevented. When you set the Phishing Code, this code will be added to all messages sent by your organisation. Thanks to the code to be included in the e-mails, it will be easier to determine whether the message is fake or not, just like a QR code, and phishing attempts can be prevented. This code will not be included in messages sent with forgery attempts. This application can be used for cross-border communications and can also increase corporate reputation.
Periodic Reconnaissance and Defence Correspondence
There are many domain name providers in countless regions around the world. Nevertheless, if the attacker can find them, so can we. The tricky part is that some jurisdictions are exempt from international treaties – and therefore from international enforcement and injunctions. It is therefore a necessary and appropriate action to correspond with the registrars here, either directly or through the forms on their websites, and to introduce ourselves. The good news is that these notifications can be made through the aforementioned ICANN organisation, which is at the highest level.
Introducing ourselves to these organisations so that they know us when bad-faith registrations are requested, having possible infringing registrations checked against their control lists using keywords that we determine, and setting up alarm mechanisms (both through contracts and gentleman’s agreements) will give trademarks and commercial signs broad protection. Of course, this requires at least one employee to regularly list, update and correspond with these organisations. In addition, domain name scans should be run at frequent intervals to check for attacks using similar names.
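A periodic scan of this kind, covering the misspellings, look-alike characters and trademark-plus-word names described under Option #3, can be sketched as follows. This is an added example, not a tool used or described by the authors: `example.com` stands in for the protected brand, the feed of observed registrations is constructed, and the character map is a small illustrative subset. Punycode (`xn--`) labels must be decoded to Unicode before they are passed in.

```python
import unicodedata

# Illustrative subset of look-alike characters (assumption: production scans
# would load the full Unicode confusables data). Keys are Cyrillic or digits.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "0": "o", "1": "l"}
MULTI = {"rn": "m", "nn": "m", "vv": "w"}  # letter pairs that read as one letter

def skeleton(domain):
    """Fold a domain to the ASCII string a hurried reader would perceive."""
    s = unicodedata.normalize("NFKC", domain.lower())
    s = "".join(CONFUSABLES.get(ch, ch) for ch in s)
    for pair, single in MULTI.items():
        s = s.replace(pair, single)
    return s

def osa_distance(a, b):
    """Edit distance: insert, delete, substitute, or swap adjacent letters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, brand):
    """Return why `candidate` resembles `brand`, or None if it does not."""
    cand, own = skeleton(candidate), skeleton(brand)
    if candidate.lower() == brand.lower():
        return None  # our own domain
    if cand == own:
        return "homoglyph"
    if osa_distance(cand, own) <= 1:
        return "typo"
    if own.split(".")[0] in cand.rsplit(".", 1)[0]:
        return "brand-combo"
    return None

def scan(feed, brand):
    """Map each suspicious domain in `feed` to the reason it was flagged."""
    hits = {d: classify(d, brand) for d in feed}
    return {d: why for d, why in hits.items() if why}

# Constructed feed of observed registrations; example.com stands in for the brand.
FEED = ["example.com", "example.conn", "\u0435\u0445ample.com",
        "exmaple.com", "example-invoices.net", "weather.org"]
```

Short brand names produce many false positives with an edit distance of 1, so flagged names still need review by the employee responsible for the correspondence.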
Information Notes and Disclaimer Submissions
Additional communications that you send on various occasions (celebrations, newsletters, catalogues, information notes, etc.) to customers and other contacts (even if they have not yet become customers or never will) are an opportunity to convey the precautions and cautions mentioned above under the QR Code heading and to introduce the e-mail format of your institution to the other party at regular intervals. Such communications can spread virally and spontaneously through the recipient’s network. They also make it very likely that a contact who is accustomed to the format of your messages will notice a difference in form when a deceptive attack arrives, turning him or her into your teammate at the last line of defence.
FINAL WORD
The most unfortunate thing to recognise about internet crime is that the internet was originally designed for individuals. Because its first and greatest motto was the utopia of a land of freedoms, its rules and ethics only began to be established much later. It was never predicted that it would grow so much in both infrastructure and culture, and security concerns were not even raised. By the time the network had grown, its ability to reach the masses and end users had been recognised, and it had occurred to people that the platform could be used for advertising and sales, it was unfortunately too late to set the rules. Since companies and public institutions joined the game much later, the so-called internet constitution, the rule of law of lawlessness, could not reach the level of prudence and compliance required for commercial relations and sophisticated communication. As a result, legal processes in cases of violations and offences do not proceed as they do in real life and often remain up in the air.