Month: May 2011

According to a recent article that appeared in Bloomberg, Entrepreneur Media, Inc. (EMI), the company that publishes the eponymous Entrepreneur magazine, has garnered a reputation of doing exactly the opposite of what it claims to do – “smash[ing] the dreams” of self-starters.

In other words, EMI fiercely defends its intellectual property rights to the term “Entrepreneur,” and aggressively pursues anything it considers to be an infringement on that trademark. The company maintains that it only goes after infringers “in appropriate circumstances, when a third-party use is likely to cause confusion in the marketplace,” but occasionally ventures into dubious territory. For example, back in 2001, it managed to get the nonprofit Donald H. Jones Center for Entrepreneurship at Carnegie Mellon University to change the title of its quarterly alumni newsletter, “The Entrepreneur”.

Such actions have led some, namely those who feel slighted by EMI’s actions, to view the company in a less than favorable light. Scott Smith, a public relations professional from California, operated a firm called EntrepreneurPR until 2003. EMI successfully sued him for infringement and a federal judge ordered Smith to drop his firm name, stop publishing a quarterly collection of press releases titled “Entrepreneur Illustrated,” and to pay EMI over $1 million in damages and attorneys’ fees. Smith is convinced that EMI protects its brand by rolling over smaller capitalists, and even that it uses the legal damages it collects as a source of revenue.

Most recently, EMI has gone after Daniel R. Castro, a Texas entrepreneur, with a cease and desist letter ordering him to stop using the domain name EntrepreneurOlogy.com. In response to the letter, Castro quipped, “I mean, how is ‘entrepreneurology,’ a word I have to admit you can barely pronounce, going to cut into their business?”

Of course, EMI is tasked with protecting a trademark that is a descriptive term, which is no easy undertaking, as the line between descriptive use and trademark use is often unclear. The company argues that while Castro has the right to use the word “Entrepreneur” in a generic sense, he crossed the infringement line when he began using it for his communications business. While this is a valid point, this aggressive approach could end up hurting EMI’s brand reputation in the long run through this constant antagonism.

People interested in acquiring desirable domain names that are already registered often track when these names are about to expire, so that they can quickly register them as soon as they become available. For that reason, it is important for domain name owners to monitor when their domains are about to expire, and to ensure that the names they allow to expire are absolutely nonessential.

Aside from the risk of losing a domain you potentially wanted to keep, an article that appeared in TechCrunch this week points out another important reason to be cautious with expiring domains – they can expose your personal information and even put you at risk for identity theft.

The article relates the experience of Ben Reyes, a British developer and hacker who registered a recently expired domain name. When he attempted to link the domain with Google Apps, he discovered that the previous owner had left that domain tied to Google Apps. After going through the process to prove he was the new owner of the domain, Reyes was eventually granted access to the Google Apps of the domain’s previous owner. Once he signed in, he discovered he had access to the email history, calendar and contacts of a person he did not know.

Reyes also found that this individual owned an Amazon Web Services account, and through a simple password change request, Reyes got access to that account as well. Had he been of more nefarious tendencies, he could have easily gleaned the name and address of the account owner, not to mention his or her credit card information. And moreover, if he had the motivation, Reyes could have found his way into the person’s PayPal, Dropbox, Facebook or any other accounts and stolen personal and financial information.

As of now, Google has not said if it has fixed this vulnerability or not. But a commenter on Hacker News pointed out how easy it is to write a script that scans lists of newly expired domains that are linked to Google Apps, meaning that it’s not too hard to imagine black hat hackers turning this loophole into a widespread scam.

This week, FairWinds published a paper that was the culmination of research into the prevalence of malware among typos of popular websites’ domain names. We discovered that hundreds of these sites expose users to computer-infecting viruses, invasive spyware, or information-stealing Trojan horses.

Typically when we study typosquatting, we focus on the fact that the typographical errors that Internet users make while typing in the domain names of popular websites can cost the companies behind those sites millions of dollars in lost revenue and unnecessary advertising fees. However, in this most recent investigation, we found that users are at risk as well.

In total, we found instances of typo domain names that spread malware across the sites of 82 major brands. These include brands like Google, Microsoft, USA Today, The New York Times, AutoTrader.com and Travelocity.

When a cybercriminal exploits a recognizable and trusted brand name to spread malware, it can be extremely misleading to Internet users, and we have found that they may direct their anger toward the company in question. The FBI backs up these findings:

“We see it all the time,” says Supervisory Special Agent Charles Pavelites of the Internet Crime Complaint Center (IC3). “People believe what they see on the Internet and in emails. If a consumer visits a copycat site hosting malware that looks like it belongs to a legitimate company, he or she is more likely to believe that whatever harm is incurred is the company’s fault.”

When it comes down to it, brand owners must be diligent about enforcing their brands in the domain space and protecting their customers. When malware is involved, that goes beyond protecting against monetary losses to protecting customers and delivering the best online experience, while protecting brand equity in the process.