Domain Name Scams & Online Interaction Guide 101
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Domain Name Scams &
Online Interaction Guide 101
1Domain Name Scams & Online Interaction Guide 101
A. Domain Name brands or any other company, you need to
Domain Name plays an essential role in many conduct due diligence, which may include:
businesses – and scammers – today. The i. Check the verified Social Media pages
purpose of the domain name may include of such companies on whether such
online presence, trademark, custom email a promotion is taking place (some
address, public relations, control on possible posts addressing such
domain name misuse by third parties, domain advertisements, if any).
hoarding/squatting, domain hijacking, ii. Search online for the organisation's
phishing, among others. Practices like actual domain name; ideally, you
hoarding or hijacking are prevalent in many search the organisation's name, and it
developed countries and slowly creeping into will likely get you the results of the
developing countries, either effected by domain name and access it to check
people in developed states or ingenious whether the promotion is mentioned
people in developing countries. or being advertised on the website.
Kenya citizens, among other African citizens, While conducting your online search,
need to understand how to interact with be careful as certain organisations
domain names – while the remark might may have low brand protection and
seem to look down upon African citizens, it online visibility; hence, the scammers
is essential to note that the developed may even have a better listing based
countries are equally facing similar challenges on the Search Engine Optimization
regardless of the developed infrastructure (SEO) practices.
and communication channels. As a result,
Ong'anya Ombo Advocates LLP will provide iii. You may consider making two to
101 Guide Note on interacting with domain three calls to the company to confirm
names and related fields. whether the advertisement or
promotion is proper. The option to
a) Cautious Approach make two or three calls is to
The cautious approach simply requires a hopefully talk to two or three
website visitor or email recipient to be more different customer care service
careful when intending to interact with providers for different opinions
domain names. A malicious person (MP) concerning the advertisement or
understands that issues that trigger a person's promotion.
mind are related to gifts or money. In that
regard, the MP will develop a strategic b) Domain Name Scare to Register
scheme that informs people that a specific Domain Name Scare to Register occurs as a
well-known brand is issuing gifts or monetary result of the Online Brand Protection. In
awards to the public upon taking a particular most instances, big brands or financially
action. It is important to note that famous stable organisations will register more than
brands like Safaricom, Carrefour, EABL, 100 domain names; thus, both the country
Amazon, Facebook, among others, will use code Top Level Domain (ccTLD) and
visible models of marketing to access the general Top-Level Domain (gTLD).
needed audience and not – for instance – However, for smaller organisations, those
through WhatsApp forward messages, with low budget, less interested in online
premium rate services, among others. branding, or lack knowledge on Online
Branding are likely to focus on one or a few
Once you receive a message indicating that domain names that can be put to use – and
there is an ongoing promotion by these these are the organisations or individuals that
are likely to be targeted by individuals
1focusing on scaring them to buying domain domain waterwatadoe.com may be
names that they are not interested in registered with a slight modification with
purchasing. win-waterwatadoe.com. whereby the
“win-” seem to appear as a related or a form
c) Domain Name Authentication of subdomain when it is not related or a
Domain Name Authentication is a process subdomain of waterwatadoe.com.
conducted to understand whether the
domain name that one is about to access is Domain Name Authentication can be
genuine or the email received from the through:
organisation that one has in mind. Initially, i. WhoIs Search:
while addressing the "Logical Reasoning," a. ICANN:
there are initial steps that one can take to https://lookup.icann.org – it
confirm the domain name. However, for is suitable for gTLD
certain organisations, the domain name b. Domain Tools:
might be johndoe.com, but the emails are https://whois.domaintools.c
sent via johndoe.net, email.johndoe.com, or om – it is ideal for both
johndoe.app, among other options. ccTLD and gTLD
The first step is to use your search engine gTLD refers to .com, .org,
(search engine includes Google, Bing, .net, .app, among others.
Yandex, Yahoo, Baidu, YouTube, Facebook. ccTLD refer to .co.ke, .ca,
However, for purposes of this discussion, .ru, co.za, among others.
Google, Bing, Yahoo will be the best options)
to check the organisation name, hoping the In certain instances, it is likely
domain name will appear on the search to find that certain
engine pages and access the link. organisations have requested
the organisation's
One needs to factor organisation’s age and information be redacted for
domain name age as well. In doing so, it will privacy reasons based on
be odd that a well-established organisation Privacy Laws or internal
has a new domain or the data in its profile policies of the domain
does not relate to the organisation. However, registrar – and country where
in certain instances, well-established brands the domain registrar is
will have new domain names; for instance, in located.
Kenya, Barclays Bank Kenya Plc was recently ii. Calling the Organisation.
rebranded to Absa Bank Kenya Plc; iii. Checking the Help/ Community
JamiiBora Bank Limited was recently Forums of the organisation.
rebranded to Kingdom Bank; Gulf Energy, Community forums are common in
Kenol-Kobil were rebranded to RUBiS. It is big organisations like Facebook,
essential to consider that online scammers Twitter, PayPal, Google, among
take advantage of these opportunities to others.
swindle unsuspecting individuals or
organisations during such rebranding d) Website Verification
processes. For instance, a business using a Website Verification is quite different from
domain like waterwatadoe.com can be Domain Name Verification; however,
malicious represented by an MP as verification of one may establish the reason
vvaterwatadoe.com or whether to trust or not trust the other – but
watervvatadoe.com – in these two not all the time. In a few instances, someone
examples, the letter “w” has been switched to might have access to the emailing database of
double “vv” to make it appear as “w” to a company and release the email through the
unsuspecting person. In other instances, the official email of the organisation, which
2means the domain name will check out; auto-installs in the designated gadget and, if
however, at the reply option, the email possible, encrypt the servers' of the whole
address is different from the sender's email organisation, on the other hand, for phishing
address, which means that when responding, purposes, the link will redirect the recipient
the owner (victim one) of the account will of the email to a different domain name,
not know about the communication going on probably with slight adjustments from the
between the third party (victim two) and the original domain name, with a website that is
scammer. better, similar or strikingly similar to the
original one requesting the person to key in
Once you receive an email, it is essential to certain information.
check the upper bar of the email to confirm
whether the email “from” matches with It is important that when such
“reply to.” While there are unique instances communications are received, the recipient
when there might be a difference, this is not verifies with the relevant organisations,
common. Emails with such differences departmental heads, or teammates on
should be treated with caution. Considering whether the email was drafted and sent by the
that a domain name on "from" differs from sender/undersigned.
"reply to," there is a likelihood that the
receiver of that email is about to be scammed It is advisable to adopt the use reputable
or data phished. Virtual Private Network (VPN) when using
internet. The best VPNs are considered to
Phishing of data and system encryption by provide the best encryption that blinds the
ransomware results from such email hackers from intercepting in and out flow of
communications when one clicks a link that data from the gadget.
either automatically downloads a file that
DISCLAIMER: Take note that the information herein is not intended to serve as a legal opinion or advise, and should you need
any clarity or understanding of what this information is about, you are advised to seek professional advice from your legal
3
advisor, lawyer, or the professional person that you deem fit in reference to the questions that you have. In addition, you agree
that, should you rely on this information, you shall not hold us liable, be it directly or indirectly.Ong’anya Ombo Advocates LLP,
4th Floor, Windsor House,
University Way,
P.O. Box 15598 – 00400,
Nairobi, KE.
m: +254 703 672 515
e: hello@onganyaombo.com
w: www.onganyaombo.com
Ong’anya Ombo Advocates LLP © 2021
4You can also read
