保护您的组织免受域名抢注

不，这篇博文不是关于虚拟瑜伽或普拉提的! Cybersquatting (also known as domain squatting) is the practice of registering, trafficking in or using an internet domain name with a bad faith intent to profit from the goodwill of a trademark belonging to someone else. Cybersquatting raises cybersecurity concerns because hackers commonly register domain names that are confusingly similar to an organization’s domain name in an effort to trick employees or customers of the organization into clicking malicious links or providing credentials or other sensitive information. 

A hacker, for example, could register a confusingly similar domain to “isaca.Org”，如“isaca”.Com”或“isaco”.org.” Then a hacker wanting access to ISACA could send a phishing email from “isaca.com/password verification” to employees requesting that they verify their password by entering their username 和 password on a lookalike site. 

这是一种极其狡猾的域名抢注, sometimes referred to as “script spoofing” or a “homograph attack,” involves registering domain names with special “Unicode” characters (e.g., Cyrillic, Greek, or Latin characters) that look almost identical to the st和ard English alphabet. 例如, the English character “a” looks almost identical to the Cyrillic character “а,但如果是“isaca”.org "域名被一个西里尔字母" a "注册,” it would be an entirely different domain name that is almost indistinguishable from ISACA’s.

在这里 are a few tips for organizations to help reduce the impact of cybersquatting 和 related techniques:

1. 注册并注册您的域名: First, secure domain names relevant to your brand or business. Consider registering domains for longer periods to deter cybersquatters 和 set an electronic alert to remind you when you will need to extend your domain registration. 也, consider registering any trademarks related to the domain in order to establish legal rights to your brand.

2. 考虑注册域名中常见的拼写错误: It is generally not feasible to buy every possible domain name thAt类似于您组织的域名, but your organization should consider purchasing the most common misspellings before someone else does. Several websites purport to help you identify the most common misspellings of a domain name, like 域名拼写错误 和 免费在线工具查找常见的域名拼写错误. Other tools purport to help determine the degree to which a domain name can be 欺骗.

3. 监控域名抢注: Organizations should monitor for registrations of confusingly similar domain names both to protect their trademark 和 reduce cyber risk. There are many organizations that offer cybersquatting monitoring services, 包括MarkMonitor和Br和Verity.

4. 使DMARC:启用基于域的消息认证, Reporting 和 Conformance (DMARC) along with Sender Policy Framework (SPF) 和 DomainKeys Identified Mail (DKIM) to help your organization protect its domain from email spoofing 和 phishing attempts by allowing it to specify how email authentication should be h和led 和 providing insights into the email traffic using your domain. DMARC, SPF和DKIM enhance email security 和 help recipients verify the legitimacy of incoming email.

5. 培训员工: 培训员工 to report cybersquatting 和 欺骗 domains. 也减少了网络钓鱼的影响 定期钓鱼演习 电子邮件安全解决方案.

6. 应对域名抢注如果你发现了域名抢注，请咨询 ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP). 最终, you may have to bring litigation against the improperly registered domain names themselves, seeking to have the court order that the domains be transferred to you. 一种选择是向法院提出索赔 世界知识产权组织(WIPO). 在这里 is a good example of one such lawsuit filed in US federal court. 在很多情况下, nobody will show up to defend these lawsuits 和 the court will enter a default judgment in your favor. But be prepared for the rare defendant that actually wants to litigate. 

Like other aspects of cyber 和 intellectual property crime, 没有防止域名抢注的灵丹妙药, but these techniques can significantly impact an organization’s risk. If you have questions or need additional information, please feel free to 在领英上联系.