Vadym / Shutterstock.com
Online infringers are cunning, resourceful, and getting harder to catch, Tom Phillips discovers.
When hunting the perpetrators of online fraud, the U.S. Department of Justice (DoJ), trademark practitioners, and brands share a common purpose. However, as registrants in yesterday’s educational session Scams, Frauds, and Other Misdeeds on the Internet discovered, the DoJ has far more powerful tools at its disposal than the others.
When Evan Williams, International Hacking & Intellectual Property Attorney-Advisor for Asia at the U.S. Department of Justice (Hong Kong SAR, China), is hunting down online fraudsters, he said he can look to obtain search warrants and subpoenas, and coordinate investigations with law enforcement operations in other countries to orchestrate simultaneous takedowns where necessary.
During a recent case involving COVID-19 Internet fraud, in which websites were offering, but never delivering, hand sanitizer and disinfectant wipes, U.S. law enforcement was able to secure the cooperation of its counterparts in Vietnam. As a result, Vietnamese officials were able to locate and detain three people who were operating more than 300 websites in the U.S. Working together, they tackled “the bodies in Vietnam and the websites in the U.S.,” said Mr. Williams.
“Phishing attacks generally do the most damage within the first 24 hours. This is particularly difficult for brands.” - Russell Pangborn, Seed Intellectual Property
An Uphill Struggle
According to Mr. Williams, while there are some criminal geniuses out there, what is truly concerning is how easy it is for anyone to commit cybercrimes. Phishing kits, for example, are widely available for purchase and come complete with helpful instructions.
Fellow panellist Russell Pangborn, Partner at Seed Intellectual Property (US), said that phishing attacks generally do the most damage within the first 24 hours. This is particularly difficult for brands, given the time that it can take for firms to access information related to the perpetrators.
“The need for data access on this is urgent, and the timing is so problematic,” he said.
Frederick Felman, Chief Marketing Officer at AppDetex (US), explained that when the EU General Data Protection Regulation was implemented in 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) reacted by redacting its previously available WHOIS information.
“While there are some criminal geniuses out there, what is truly concerning is how easy it is for anyone to commit cybercrimes.” - Evan Williams, U.S. Department of Justice
WHOIS had historically shown information relating to the registrants of domain names, allowing other interested parties to identify and contact them—for example, when brands needed to pursue enforcement against cybercriminals.
ICANN’s decision to redact that information means it takes longer for brand owners to tackle a bad domain, Mr. Felman said, resulting in a “rapid deceleration” in the resolution of these events.
The restrictions in place in relation to WHOIS is a “real handcuff” on cybersecurity firms, IP lawyers, governments, and those looking to conduct business in the domain name space, Mr. Pangborn added.
“When the EU General Data Protection Regulation was implemented in 2018, ICANN reacted by redacting its previously available WHOIS information.” - Frederick Felman, AppDetex
The Brand Perspective
Signe Naeve, Director, Corporate Counsel, Intellectual Property at Starbucks Coffee Company (US), who moderated the session, noted that scams tend to evolve with news cycles and current events such as, most top of mind, the COVID-19 crisis.
Commenting on the prevalence of cybercrime, she pointed out an “upside” stemming from the pandemic for those investigating illegitimate online activity.
“With more people working from home, that means a lot of the bad actors are working from home too,” Ms. Naeve said. “And guess what, they’re not communicating in a back alley or in a warehouse. They’re having to communicate a lot more online, so there is actually a larger digital footprint for investigators to follow.”
Also capturing major coverage in the news has been the Black Lives Matter movement. Earlier this year, Starbucks received negative press attention after it was discovered that its uniform policies prohibited baristas from wearing pins signifying support for the movement.
“With more people working from home, that means a lot of the bad actors are working from home too.” - Signe Naeve, Starbucks Coffee Company
Starbucks wanted to address this negative reaction and support its employees, explained Ms. Naeve, so it commissioned a shirt for baristas to wear, should they choose to, as part of their uniform. The company designed the shirt, which featured movement-related graphics and words on the back, purely for the benefit of baristas, and it was not a money-making scheme, she added.
However, after the design received press attention, counterfeit versions of the shirt began quickly to appear online. These were easy to identify, Ms. Naeve said, because the illegitimate shirts featured the design on the front, not on the back.
Here, the scammers had seized the opportunity provided by current news of the Black Lives Matter protests. “What’s happening in the news aligns with what’s happening on the bad guys’ radar,” Ms. Naeve confirmed.
INTA 2020, scams, online infringers, DoJ, fraud, COVID-19, brand owners, bad domain, cybersecurity, IP lawyers, BLM, Starbucks, design, trademarks