Law Firms Must Watch Out for 'Doppelganger Domain Names'
I always thought that the reason for snatching up any domain names that might be confused with the one your company is using was to avoid "cybersquatting," or perhaps to avoid losing website visitors or even customers to a competitor trying to piggyback on your name. And while those are valid reasons, another potentially more damaging reason has now emerged: "doppelganger" domain names that are set up in order to steal emails that are supposed to be going to employees at your law firm or company.
Threat Level reported this week on a law firm -- Gioconda Law Group -- that was the alleged victim of such tactics. In a recently filed lawsuit, Gioconda Law Group alleges that a defendant named Arthur Kenzie registered a "doppelganger domain," GiocondoLaw.com (note the slight difference in spelling), "that is designed to catch email that is intended for the law firm’s domain ... if senders mistype the address." The law firm's complaint asserts claims of cybersquatting, trademark infringement and unlawful interception of a law firm's private electronic communications, and seeks $1 million in damages.
According to an article from September 2011 on the topic, someone who wants to intercept emails can register a doppelganger domain and configure an email server to be a catch-all to receive correspondence addressed to anyone at that domain. Then, when a client accidentally sends an email to firstname.lastname@example.org instead of email@example.com, for example, it will be received not by the law firm but by the person who owns the doppelganger domain "skaden.com." In a study on the subject released in September 2011, researchers testing this vulnerability set up 30 doppelganger accounts for various large companies and managed to attract 120,000 errant emails in a six-month period.
This is not the first domain-related allegation against Kenzie, the defendant in the Gioconda Law Group case. InfoWorld reports that in July 2011, Kenzie purchased the domain names LockheedMarton.com and LockheedMartun.com
to intercept emails intended for defense contractor Lockheed Martin. Kenzie claimed he had been performing research about Lockheed's email vulnerabilities. The ruling panel, however, determined that Kenzie's actions were motivated by a bad-faith attempt to extort money, and ordered him to hand over the domains to Lockheed Martin.
"It is obvious that it was [Kenzie] that created the alleged vulnerability of [Lockheed Martin's] trademark, and his purpose was to offer services to the [the company], looking for a financial gain," the ruling panel stated.
In short, if your law firm's domain name is susceptible to misspellings, add intercepted emails to the list of things you should be protecting against.
Posted by Bruce Carton on June 27, 2012 at 04:16 PM | Permalink
| Comments (2)