Social Media Fraud and Online Scams
Impersonation on the internet is not new and imposer social media accounts are on the rise, with ...
Impersonation on the internet is not a new issue and the issue of imposer social media accounts is on the increase as these accounts can be set up in minutes.
Impersonation on social media takes various forms but broadly refers to profiles or accounts that feature the name or image of an individual or organisation which is most likely used for fraudulent purposes.
Typically, the perpetrators use the same photos, names, descriptions or hashtags as the official accounts. In an attempt to add legitimacy to the bogus accounts, the perpetrators may create other seemingly innocuous accounts in the name of random individuals with no connection to the brand and use them to “like” or post comments to the main imposter account.
The fact that a given imposter account may have enough likes or comments may be enough to convince users seeking the brand owner that the imposter account is in fact the genuine one.
On social media platforms such as LinkedIn, impersonation of employees and directors are frequently encountered, but increasingly impostor accounts can be found on Facebook and Instagram as specific pages, profiles or groups.
Once these bogus accounts are created the perpetrators may start sending private messages directly to victims or redirect them to external websites. They may also even encourage victims to contact them via WhatsApp. WhatsApp and other messaging services such as Telegram, have the obvious advantage in that its communications are almost impossible to monitor and the perpetrators can groom their victims, safe in the knowledge that the targeted brand owner may not be aware and therefore unable to intervene.
Bogus social media accounts are frequently used to perpetrate multiple online scams at the same time. For example, Business Email Compromise scams (“BEC” scams) are not new but are a form of phishing where criminals attempt to dupe brand owner executives or employees into revealing sensitive information or even transferring funds. These emails are harder to detect as they are tailored to specific individuals. Increasingly, criminals are using copycat social media profiles (on Linkedin and Facebook in particular) with the aim of convincing the recipients of emails, that they are in fact genuine. These scams affect brand owners both large and small, from multinational companies to start-ups.
On the one hand, smaller sized brand owners may not have official social media accounts for either the company itself or their executives, so they are often easy prey for online criminals who will try to take advantage of the gap and attempt to dupe the brand’s customers and potential customers. At the other end of the scale, brand owners with a more established social media presence are also attractive to criminals as they know the brand already has a significant number of followers and potential customers to target.
From an enforcement perspective, Lexsynergy still recommends that brand owners ensure that they have a social media presence for their company and for key executives which are then ratified or authenticated as official accounts. It is far easier to report a case of impersonation if the brand owner concerned can point to their official social media accounts being cloned or mimicked.
Secondly, whilst automated searches on social media platforms for the brand name and the names of key executives can help to alert the brand owner to suspicious accounts at an early stage, there is considerable value to be had by periodically conducting manual searches for those keywords.
Finally, as a general principle prevention is always better than cure, Lexsynergy recommends brand owners have visible scam warnings on their official websites and social media accounts which are regularly updated to take into account how the perpetrators adjust their tactics to perpetrate their scams.
Account security is also important. If brand owners operate social media groups, they should ensure that several employees have “admin” rights in the event that one of their administrative user accounts is compromised, the other users with admin rights would be in a position to mitigate the damage caused.
If your brand is having issues with social media fraud, be sure to reach out to our brand protection team who will be able to provide specialist support to combat these issues:
Russia effectively legalised patent theft last week, declaring that the unauthorized use of patents belonging to businesses affiliated with the UK, US, EU, Australia, Ukraine and 17 other “unfriendly nations” will not lead to the affected businesses being compensated.
In addition to this decree, officials in Russia have also hinted to the possibility of removing restrictions on trade marks, according to their state media, leaving large multi-national brands with no legal recourse should copycat businesses utilize the brand as their own.
Opportunists in Russia have already looked to capitalise on this situation, with trade mark applications being filed for businesses that strike a significant resemblance to marks belonging to Ikea, Instagram, McDonald's, and Starbucks. Despite the substantial resemblance these marks have to huge multi-national brands, there is very little these companies can currently do to protect their brands, as the Russian courts will be stacked against them and its unlikely that they will be able to find local counsel due to safety concerns.
This leaves officials of companies operating in Russia in a very difficult scenario, where on one hand, they can protect corporate assets by continuing to operate in Russia (although this likely comes with significant moral and political backlash for the business); or they can halt operations and run the risk of their brand being infringed or diluted, as seen with the Peppa Pig trade mark ruling.
Last week, a Russian court ruled that the Peppa Pig character’s trade marks could be used by Russian businesses without punishment, after Entertainment One - who own the rights to the children's series - had taken legal action against a Russian man who had drawn his own versions of Peppa Pig. When providing the ruling the judge cited the "unfriendly actions of the United States of America and affiliated foreign countries", illustrating how brands from these countries have no immediate recourse to protect against their stolen IP.
In the past, there may have been other avenues available to resolve such cases, and in theory, the World Trade Organization could settle any IP disputes between the U.S. and Russia under the Agreement on Trade-Related Aspects of Intellectual Property Rights. However, even though both countries have signed onto the treaty, this route is unlikely to prove effective due to the suspension of diplomatic relations, with the US already stating that “the normal rules for our international commercial interaction are over.”
So what does this mean for domains?
There are a number of Russian domain extensions that may see a rise is squatting and other forms on unlawful use considering the Russian Governments approach to IP enforcement. The domain extentions .рус, .moscow and .москва (Cyrillic for Moscow) fall within the UDRP, however .ru, com.ru, .su (Soviet Union – believe it or not!) and .рф (.RU in Cyrillic) are subject to local Russian laws.
At the best of times, local Russian domain disputes can take time and substantial amounts of money to resolve.
If you are able to keep your Russian domains, do so. Do not let them expire! If you are able to secure additional domains to reduce your exposure, register those key domains. Our suggestion is subject to the sanctions applicable in various countries so make sure that the appropriate due diligence is conducted.
Over the years, a number of our clients have reported that they have received emails from Chinese domain name vendors, stating that a third party intends to register their trade mark as a domain name under various Top Level Domain (TLD) extensions.
This form of email communication is a scam, with its intended purpose to frighten trade mark owners into registering domain names with the company that originated the email, at an inflated price. We first wrote about this scam in August 2008 and still to this day, we are seeing this type of scam being reported.
We insert below a sample of the type of email that is received by brands, although we have replaced the trade mark with 'yourbrandname'.
We are a domain name registration service company in asia, which mainly deal with international company's in Asia. We have something important we need to confirm with your company.
On Feb 22, 2022, we received an application formally. A company named "Tambora International Holdings Ltd" wanted to register the following Domain names:
After our initial examination, we found that the keywords and domain names applied for registration are the same as your company's name and trademark. These days we are dealing with it. If you do not know this company, we doubt that they have other aims to buy these domain names. Now we have not finished the registration of Tambora company yet, in order to deal with this issue better, Please contact us by telephone or email as soon as possible.
The domain names mentioned in these scams are usually registered on a “first come, first served” basis so there is no reason to report such a risk to a trade mark owner.
If the trade mark owner responds the scammer usually registers the domain names, under its own name, as the response indicates that the domain names are of value and have the potential to generate income for the scammer. The trade mark owner is then in a predicament, "Do they buy a domain name back or institute legal action for a domain name they never wanted?"
If you receive such an email it is advisable to ignore it. If the email includes a domain name that you may want to secure, always register it through your own provider or at www.lexsynergy.com.