Google Maps falls victim to look-alike domains


    - by David Goldstein -

    Trademark owners need to be on the lookout for many different attacks from cybercriminals. One of those is “look-alike” domains, domain names that look like a brand’s but use characters that, to the casual eye, “look like” the brand’s domains.

    When mimicking a brand’s domain name with a look-alike domain, the cybercriminal will often use internationalised characters, that is non-Latin characters from another language in what is often referred to as typosquatting. But the criminals can also use Latin characters, such as replacing a “g” with a “q”, or “o” for “0”, which is what happened to Google Maps’ domain names in two disputes recently.

    In 2021 Google filed a case under the Uniform Domain Name Dispute Resolution Policy (UDRP) because of a visual similarity with two domains. In one the two “o”s in were replaced by two “0”s -, while in another they replaced a the “g” with a “q” -, according to an article highlighting the issue on the Giga.Law blog by Doug Isenberg.

    Isenberg explains his perspective

    In the blog posting Isenberg explains when he “visited the websites associated with each domain name shortly after the UDRP decisions were [issued, he] found, in one case, a page that tried to get [him] to install a suspicious ‘URL Safety’ extension in [his] web browser; and, in the other case, a so-called “Windows Defender Security Center” notice urging [him] to contact ‘Windows Support’ at a phone number that was displayed.” Isenberg notes how such domain names can be easily overlooked when included as links on a website or in phishing emails. It’s not common that users would deliberately type in such a domain name.

    A reminder for trademark owners

    Both cases Isenberg notes were easy wins for Google with a result of the domain names being transferred to the search giant. But as Isenberg notes, “these lookalike domain name disputes should remind trademark owners that there’s really no end to the deceptive techniques that cybersquatters will employ, but fortunately the UDRP is usually a very effective way to deal with them.”

    Read the full article by Doug Isenberg, and see the accompanying video here.

    Please feel free to contact the Brandshelter team to learn how you can protect your business from look-alike domains.