The domain protection game

As the pandemic increases the risk of online fraud, one company is helping brands fight back. WIPR met with Stuart Fuller of CentralNIC Group to find out more.

For Stuart Fuller, website domain names are more than just online real estate for brands. As head of brand services and commercial operations at CentralNIC Group, one of the world’s fastest-growing domain and IP companies, they also offer rich pickings for criminals. 

The company is a heavyweight in the domain name industry. It sells domain names to brands and organisations, but that is only the start of its offering. The brand protection services that follow are Fuller’s expertise. 

“We have every facet of the domain story within our business and we believe brand protection starts with domain names,” says Fuller, who oversees BrandShelter, at the heart of CentralNIC's brand services division, devoted to protecting brands against IP infringements and a wide variety of malicious attacks. 

“There’s a natural flow from the domain name work into the brand protection work,” he adds.

BrandShelter works by first understanding a brand’s domain strategy (or helping it to create one), leading to the management of domains in relevant territories, which leads to strategies to prevent IP infringements such as cybersquatting, or fraudsters using a brand’s IP to deliver malware to unsuspecting web users. 

During a global crisis like the COVID-19 pandemic, brands need all the help they can get. 

“Through the intelligence we have and the tools we use, we know a significant amount about a brand’s presence online. Now whether that’s their genuine presence or someone else pretending to be them, we can see a lot of that information because we can see so much of the domain name data,” explains Fuller. 

The company can look at patterns and trends with registrations and advise its clients accordingly. It can also act on their behalf, by speaking directly to the domain registrar, or by using the registrars’ own anti-infringement tools. 

These tools have changed significantly. “What we’re seeing is a real shift in the domain name world to stop IP abuse at the earliest possible stage,” says Fuller.  

Coronavirus criminals

The pandemic, he says, is a big driver in the implementation of these tools, as registrars try to stop bad actors from taking advantage of the crisis. Fuller and his team are seeing a “significant” number of domain registrations related to the pandemic, such as ‘coronavirus’, ‘COVID-19’ and ‘vaccine’. 

“The threat for organisations and brands is where these keywords are being registered alongside their brand without their knowledge,” explains Fuller, who offers the scenario a pharmaceutical company may face. 

This fictitious company, Big Pharma, is unaware that someone has registered the domain ‘COVID-19vaccinebigpharma.com’. 

This domain sells ‘vaccines’ under the Big Pharma brand, marketing on social media—”at very low cost”, says Fuller—to divert customers to the fake site. Big Pharma may know nothing about the venture until it is brought to the legitimate brand’s attention, by which time it has already damaged Big Pharma’s reputation and duped thousands of people.

BrandShelter monitors the web and will flag if anyone registers a domain featuring ‘Big Pharma’ as a keyword. It would then move to shut down the domain and make sure it stays down. 

“In any major global event, there will be people out there within a blink of an eye, registering domains and looking to exploit the situation,” says Fuller. 

In another example related to the coronavirus outbreak, the company has seen two scams operating in Germany. In these cases, criminals cloned a government website, which businesses were duped into thinking was the official form created to help businesses apply for financial support. 

Businesses applied for grants on the fake site and the crooks, using the information supplied, applied for grants on the real government site—only this time with a different bank account. The government, unknowingly, paid out to the criminals before the sites were pulled down and later, arrests made. 

“It is the perfect environment for this type of online crime,” warns Fuller. “It’s scary because it’s so easy to do. You can register a domain within seconds and copy the code from an existing, legitimate website very quickly. 

“You can then make your new website live within an hour and then use a fake social media profile to start to market the fake product. Using a network of fake accounts and bots, it is all too easy to then like, comment and retweet to lend some fake authenticity to the website. A malicious attack on a brand can spread very quickly.”

Growing fast

CentralNIC started life in the UK in 1996 as a domain registry (it has more than 18 million domains under management in its registry division alone today). Through a series of acquisitions, it has grown into one of the largest companies in the domain name and IP sector. 

Its November 2019 purchase of Munich-based Team Internet took the company into yet another area—domain parking: basically the monetisation of unused domains—and continued CentralNIC's appetite for expansion. 

Meanwhile, Fuller’s 50-person department is working hard to grow organically. Containing a mix of sales, marketing, product, support and development, its portfolio includes corporate domain management, brand protection, domain security, and domain name systems (DNS) solutions. 

The Brand Services team is truly global, with members based in the US, UK, Germany, New Zealand, Australia, UAE, South America and China. Cross-referrals can come from anywhere the company does business, so working around colleagues’ time zones is just another part of the job. Aside from meetings at big events, a lot of the company’s client interactions have always been done remotely, which has been a useful setup during any COVID-19-related lockdowns. 

“We’ve not had to adapt very much. We’ve always worked in a remote but collaborative way,” he says. 

Outside CentralNIC, Fuller is chairman of Lewes FC, a lower league football club in the UK county of Sussex, famous for being the firm football club anywhere in the world to pay its women’s players the same as the men’s side. Prior to the UK’s lockdown, Fuller would frequently travel to the club in the evenings, spending the 60-mile journey to talk to his colleagues in the US, New Zealand and Australia. 

When WIPR spoke with him, all football—and the trips to the club—were suspended. It’s sad for the football fanatic, who has spent five years in the chair and in normal times meets regularly with the manager, scouts and players. 

The experience is rewarding for other reasons, however. “I’ve found there are a lot of transferable skills. This year, we didn’t have the best season so you equate it to a sales team that isn’t hitting its numbers. You set your strategy and plan at the start of the year or season and review on a week-by-week basis. You’re trying to understand why things are and are not going according to plan and put improvement plans in place. It has taught me a lot,” he says.

One of the most useful items has been the importance of building a team, not a group of individuals. 

“This must include people who can do some things a lot better than I can, which encourages me to delegate to the best people for the job,” Fuller says. 

“I invest a lot of time into getting the right characters around me. I’m clear where my weaknesses are and know the type of individuals I need to bring in,” he explains. 

Client services

Fuller’s day job is taken up with achieving double-digit growth from the existing brand services clients (home to BrandShelter), plus a significant increase in new business development in the brand and IP protection space. 

When looking at protecting brands, clients can sign up to one or a mix of services under four areas that BrandShelter calls detection, analysis, takedown and action. 

The underlying services range from protecting brand owners’ online presence, reputation, and revenues from fraudsters, cybersquatters and counterfeiters, to helping brand owners obtain, manage, protect and develop their internet presence under exclusive top-level domains, known as DotBrands. 

Fuller’s number one objective for 2020 is getting “new business through the door”. To do this, he’s looking at strategies for the brand services division in countries where there is potential for rapid growth, including the UK, Australia and the Nordic countries. 

His other main task is growing the product set offered by brand services both through product development but also via more acquisitions. 

“It’s about understanding where the product and market gaps are and looking at how we can either build, buy or partner with companies in those areas. Are we going to build the product ourselves, look at an acquisition or partner with someone else to achieve that growth?” he explains.

Given the company’s desire for expansion, we can expect to hear more on that soon. Vulnerable brand owners facing the daily reality of attacks on their online presence, especially during these challenging times, will ultimately be the ones to benefit.