As eCommerce accounts for an ever-growing share of retail sales, rogue websites have become a special concern for brand owners seeking to protect their valuable intellectual property from counterfeiters and others seeking a “free ride” on the brand’s goodwill.
Just last week, the Department of Justice announced that a man had plead guilty to selling more than $2.3 million in pirated software through several websites he ran from his Annandale, VA, home.
While some brand owners have strict controls in place–for regulatory or brand protection reasons–limiting the number of web sites offering their goods, others do not. Either way, brand owners are well-served by monitoring the internet for rogue websites.

Suspicious websites

Brand owners and consumers alike can look for these common-sense indicators that a website is not legitimate:

  • suspicious logo, i.e., upside down, wrong color, wrong location, outdated.
  • Poor grammar and spelling.
  • Complaints about the site found on the web.

URL changes

The SANS Institute recently reviewed this issue and added another flag to help identify fake web sites:

Criminals will often use the brand name of the goods you are searching for in the URL so they look legitimate to you. But they also frequently change the URLs of their counterfeit websites, making it harder to shut them down. As a result, criminals will often use several different domain names and e-mail addresses during the purchasing process. For example, . . . the cyber criminals may have one domain name for the website (such as brandxbabycarriers.com), another domain name for the e-mails they send you (such as from sales@brandxcarrierstogo.com), and a third domain name for support e-mails (such as support@babycarriersbrandx.com). All these different domains are another big red flag. See “Counterfeit Websites,” OUCH! Aug. 2012.

The ownership information of those various domain names may also assist the brand owner in determining whether a web site(s) is suspicious. In some instances, the brand owner may be able to have those domains transferred to the brand owner.

Sources: The U.S. Dept. of Justice for the U.S. Attorney’s Office for the Eastern District of Virginia website; The SANS Institute website; and The SANS Institute OUCH! Aug. 2012.


This article was prepared by Sue Ross (sross@fulbright.com / 212 318 3280) of Fulbright’s Privacy, Competition and Data Protection Practice.