Microsoft just won a battle it has been fighting behind-the-scenes for some time now, and winning the battle means getting pretty much immediate access to 99 domains. Okay, a little background would probably help, here’s the scoop:
The OS maker sued and won a restraining order that allowed it to take control of 99 web domains that had been previously owned and operated by a group of Iranian hackers known in cyber-security circles as APT35, Phosphorus, Charming Kitten, and the Ajax Security Team.
The domains had been used as part of spear-phishing campaigns aimed at users in the US and across the world.
APT35 hackers had registered these domains to incorporate the names of well-known brands, such as Microsoft, Yahoo, and others. The domains were then used to collect login credentials for users the group had tricked into accessing their sites. The tactic is decades old but is still extremely successful at tricking users into unwittingly disclosing usernames and passwords, even today. (Source – ZDNet)
This is a particularly interesting case and one that I think definitely will make hackers and scammers think twice about registering Trademark-infringing domains. There has often been the thought that registering a domain outside of the US means you’ll be safe from US companies, but this proves (as have other cases in the past) that’s not going to fly.
Domain names carry a lot of weight and trust, and it’s easy for a consumer to get confused if they see a huge company that they know and work with in a domain name, they, not surprisingly, think it’s the company contacting them. I’ve also seen new domain investors make this mistake, they’re up late searching for available domains and find that some amazing domain they never thought would be available, is right there, open to register. While this usually can be resolved by force dropping a domain, I’ve heard some pretty scary stories.
The reality is, companies are getting more and more aware of their rights when it comes to domain names, and as Microsoft just showed, it doesn’t matter where in the world you are, if you’re using a company’s name to run a scam, your days are probably numbered.