Consumers who mistyped Twtter.com or dacebook.com ended up at websites with bad intentions. Premium rate lines were involved and soon, following complaints, PhonepayPlus was on the scene and wielding its considerable firepower in the direction of two particular typosquatting exponents, as Hannah Willson reports.
Topic: Telecoms
Who: PhonepayPlus
Where: UK and Amsterdam
When: February 2012
Law stated as at: 3 April 2012
What happened:
PhonepayPlus, the regulator of premium rate services in the UK, fined two Dutch companies, operating premium rate services in the UK, £100,000 each for running premium rate services that breached its Code of Conduct (12th edition) and were promoted through typosquatting websites.
"Typosquatting" (according to Wikipedia) is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to an alternative website owned by a cybersquatter.
R&D Media Europe and Unavalley BV were found to be typosquatting using addresses such as wikapedia.com and twtter.com. When a consumer misspelled the web address they would find themselves on a website with the look and feel of the intended site and where they would be tempted by prizes of iPads to complete a survey, or enter a competition using their mobile number, all the while presuming they were on the legitimate respected website.
£63 charge incurred for SMS messages
In one instance a complainant incurred charges of £63 in SMS messages by the fake site operator. The PhonepayPlus Code of Conduct states that consumer of premium rate services must be treated fairly and equitably and that premium rate services must not mislead or be likely to mislead in any way – conduct that was not observed by R&D Media and Unavalley who misled consumers into believing it was the intended reputable site and did not provide clear and accurate information about the costs involved.
Social media sites are not the only target for these typosquatters. In the lead up to Christmas there was an increase of evidence that cyber-criminals targeted shopping sites such as johlewis.com where the harried customer would purchase their items only to never receive them. Furthermore the typosquatter then had the innocent purchaser's card details to rack up more charges.
PhonepayPlus has issued a guidance note to consumers that set outs 5 tips to avoid typosquatting and it advises the consumer to treat the provision of their mobile phone number as they would their bank details, as well as hovering the mouse over a link or picture and checking that the web address in the bottom of the window is as expected.
For businesses whose brands are being abused in this way, here are some thoughts.
How to protect your brand from typosquatting?
– Find all common misspellings of your brand and purchase the domain names
– Consider buying alternative domain extensions such .org and .net. See http://www.marketnglaw.co.uk/articles/2011/13670.asp for an analysis of cybersquatting of the new top level domain names
– Set google alerts for your brand (and common misspellings) so you can take prompt action if a typosquatter targets your brand
– Register your trademarks so it is easier and cheaper to enforce your rights – this should include your domain name and your logo (and remember to keep the registrations up to date)
Why this matters:
Websense Security Labs, a world leader in security research, has discovered that 62% of links from Facebook typos lead to typosquatted sites. A worrying statistic, that is highlighted further by Websense research that the number of typosquatting sites is in the thousands and proof that it is not only social media sites that are targeted.
These typosquatters are eroding the trust in the digital marketplace as well as respect and trust in well-known brands. It is a growing concern and companies are well advised to take precautionary measures against to protect their own brand.
There is currently no specific law against typosquatting in the UK and therefore your remedies lie within the remit of regulators such a PhonepayPlus where the typosquatting has a 'spin-off' service associated with it, or to take action against the typosquatter for trademark infringement or for passing off. As this cybercrime becomes more prevalent will we see the UK and Europe following the US and imposing a law against registering domain names in bad faith?
As has been demonstrated, the PhonepayPlus sanctions only go so far and they do not have the power to remove the fake site from the web. At the time of writing the www.twtter.com site was still active and running a premium rate service, albeit with a facelift so there is no possibility of confusion with the genuine twitter site. It is yet to be seen if twitter, Wikipedia and Facebook will take action in the UK directly to protect their brand.