Global protection for your brand
Many top-level internet domains are used for alternative purposes
Many Dutch organisations monitor the internet for potentially abusive domain name registrations. Tools such as SIDN BrandGuard provide information about domain name registrations resembling the user's brand name. One question that often crops up in that context is: how extensive should monitoring be? Should a Dutch brand owner be looking at domain names with non-Dutch extensions, for example? In many cases, we believe they should. There are several reasons why.
Users don't always recognise extensions
Many top-level internet domains are used for alternative purposes. For example, Montenegro's country-code domain .me is used for personal websites (tikkie.me), while Libya's .ly domain has been adopted for the bit.ly URL shortener. Also, the differences between extensions are sometimes small, meaning it's easy to mix up .tk (Tokelau) with .tr (Turkey), for example. Similarly, Colombia's .co looks quite like .com, and Mali's .ml like our own .nl. Cybercriminals take advantage of such similarities. That was illustrated by a recent report about phishing, highlighting .ml as a prominent phishing domain. And why do scammers like .ml? Because it's handy for tricking Dutch internet users.
Position | TLD | Number of domain names | Number of phshing domains | Number of phishing attacks |
|---|---|---|---|---|
1 | .com | 151,931,301 | 43,753 | 58,685 |
2 | .xyz | 3,136,553 | 4,059 | 4,271 |
3 | .tk | 25,644,936 | 3,798 | 3,829 |
4 | .top | 3,748,802 | 3,003 | 3,064 |
5 | .buzz | 604,706 | 2,704 | 2,716 |
6 | .ga | 5,057,226 | 2,574 | 2,599 |
7 | .ml | 4,162,031 | 2,559 | 2,582 |
8 | .net | 13,705,756 | 2,319 | 3,339 |
9 | .info | 4,787,440 | 2,316 | 2,449 |
10 | .cf | 4,453,018 | 1,915 | 1,927 |
11 | .gq | 3,692,011 | 1,738 | 1,749 |
12 | .org | 10,648,071 | 1,639 | 2,182 |
13 | .icu | 6,611,658 | 1,589 | 1,651 |
14 | .wang | 1,392,249 | 1,385 | 1,386 |
15 | .ru | 4,867,074 | 1,281 | 2,069 |
16 | .cn | 15,961,895 | 1,216 | 1,262 |
17 | .online | 1,586,898 | 1,173 | 1,187 |
18 | .live | 719,372 | 1,116 | 1,121 |
19 | .br | 4,442,239 | 1,103 | 1,241 |
20 | .in | 2,284,123 | 926 | 1,033 |
Table 1: Top 20 phishing domains (source: Interisle.net).
Fraudsters are creative
At a glance, mail from support@abnam.ro may well look legit to customers of ABN AMRO bank. When it's really from fraudsters making creative use of Romania's country-code domain. The moral: how you spell your name is likely to make some non-Dutch extensions more attractive than others for scammers looking to cash in on your brand. Wide-scope monitoring picks up abuses you might not have thought of, enabling prompt countermeasures.
Wide-scope monitoring pays
Against that backdrop, we advise anyone who wants strong domain name protection to monitor registrations in other countries too – even if you aren't active there. Non-Dutch registrations may involve risks and intervention opportunities you're not aware of. We often hear about brand owners leaving the monitoring of foreign registrations to partners in the relevant countries. However, a scam based on a .ml domain that targets Dutch users in Africa won't generally catch the eye of those partners, because the victims aren't local.
SIDN BrandGuard with global coverage
Most internet domains around the world publish lists of all the domain names they contain (known as 'zone files'). Where a zone file isn't available, it's usually possible to look up the relevant data in SIDN BrandGuard. Our Domain Name Surveillance Service offers worldwide coverage. It will check all the available zone files for domain names resembling your brand name. So that you get alerted promptly to any suspect registration, wherever it happens.
Want to know how SIDN BrandGuard with global coverage could protect your brand? Please contact our product manager Pim Pastoors, via +31 6 570 454 07 or pim.pastoors@sidn.nl.