Introduction
January 2025 has seen two recent news stories of particular significance from a brand protection and online security point of view. The first of these surrounded the temporary ban in the US of Chinese-owned social media platform TikTok, on security grounds[1]. The second story also concerns Trump who, in the days prior to his inauguration, launched a meme-inspired official cryptocurrency (Official Trump, or $TRUMP)[2], the value of which had climbed from its initial price of $0.18 to $72 by 7am EST on the following Sunday, making the President an estimated $50 billion[3,4].
Many previous analyses have noted the links between real-world events and subsequent spikes in associated infringing activity, as a means of taking advantage of increased levels of public interest and search volumes. These two new stories - particularly in view of the amounts of revenue with which the brands in question are associated - are likely to be no exception.
Infringement landscape
There are a few obvious possible infringement 'hooks' in these cases. For TikTok, many observers[5,6] predicted a rise in scams of a range of types, such as those relating to purported methods for circumventing the ban (such as fraudulent VPNs) or offering fake versions of the app. In addition, with the push of would-be former TikTok customers towards the alternative platform RedNote (also known as LittleRedBook or Xiaohongshu)[7], this brand may have been, and still be, subject to similar issues. Additionally, it is likely to also subject to an increase in infringements targeting other brands on the platform itself, in view of its increasing popularity[8]. The Trump coin is also likely to be targeted by fake versions and a range of other scams typically associated with cryptocurrencies, a common forum in which Web2/Web3 'crossover' content is manifested[9].
In this article, we consider the landscape of newly-registered ('Web2') domains relating to the TikTok/RedNote and Trump stories, as a proxy for the overall infringement landscape, and offering a dataset which is easily searched and analysed.
The datasets make use of (gTLD) domain-name zone-file data (as of 20-Jan-2025), considering the following searches for 'high-risk' domains:
- Domains containing 'tiktok' and any of the 'high-risk' keywords: 'vpn', 'download', 'login' or 'access' (216 domains)
- Domains containing 'rednote' at the start, or 'rednote' plus any of the 'high-risk' keywords: 'vpn', 'download', 'login' or 'access' (514 domains)
- Domains containing 'trump' and any of the 'high-risk' keywords: 'coin', 'meme', 'crypto', 'bitcoin' or 'fight'[10] (1,703 domains)
Looking at the dates of registrations of the domains (where available via automated look-up), there is a striking spike of activity around the dates of emergence of the associated news stories (Figure 1), which is significantly disproportionate to the pre-existing 'background' levels of activity (average daily number of equivalent registrations in Q4 2024 is 0.196 for 'tiktok', 0.054 for 'rednote' and 1.620 for 'trump'). The numbers of registrations for 'tiktok' are surprisingly somewhat low, but it may be that some of the domains registered in the few days prior to the analysis are not yet reflected in the zone file data.
Figure 1: Daily numbers of registrations of 'high-risk' 'tiktok', 'rednote' and 'trump' domains, since 01-Jan-2025
Nevertheless, it is clear that a range of infringements of various types are already in place. Of the 'high-risk' domains, 1,064 produce some sort of website response (97 for 'tiktok', 187 for 'rednote', 780 for 'trump'), and Figures 2 and 3 show some examples of live sites of potential concern - all registered since the start of January.
Figure 2: Examples of websites of concern associated with 'high-risk' 'tiktok' or 'rednote' domains registered since 01-Jan-2025 (SLDs[11] shown in each case) (top to bottom):
- Potential phishing (rednote)
- Potentially non-legitimate / malicious VPN downloads (freevpnfortiktok)
- Potentially non-legitimate / malicious app downloads (rednoteapk, rednoteapp, rednote)
- Sites purporting to offer other associated services - file back-ups (downloadtiktoks), sale of followers (rednotefollower)
Figure 3: Examples of websites of concern associated with 'high-risk' 'trump' domains registered since 01-Jan-2025 (SLDs shown in each case) (top to bottom):
- Purported sale or distribution of Official Trump cryptocurrency (gettingtrumpsmemes, firsttrumpmemecoin, officialtrumpmeme, buy-trump-coin)
- Use of Trump name in unauthorised / third-party cryptocurrency (aitrumpcoin, pepetrumpcoin, etrumpcoin, babytrumpmemes)
Discussion and Conclusion
It is evident that these two prominent stories have - predictably - triggered a spike in infringements, with the risks in these cases taking a number of forms. These include potential phishing, distribution of potentially malicious content, fraud, and unauthorised brand use and claimed affiliation.
As ever, the conclusions to be drawn from these observations are clear. At times of increased online interest and high-profile news stories, consumers are advised to remain vigilant and be aware of the scope for potential scams. Brand owners should also take extra care to proactively monitor for (and take enforcement activity against) infringements which may affect them and their customer base.
References
[1] https://www.bbc.co.uk/news/articles/cjde3p0rnjgo
[2] https://gettrumpmemes.com/
[3] https://www.axios.com/2025/01/18/trump-meme-coin-25-billion
[4] https://eu.usatoday.com/story/money/2025/01/18/trump-meme-coin-price-crypto/77802704007/
[5] https://www.linkedin.com/feed/update/urn:li:activity:7286778120236355584/
[6] https://www.linkedin.com/feed/update/urn:li:activity:7286760863796011008/
[7] https://www.bbc.co.uk/news/articles/c2475l7zpqyo
[9] https://www.iamstobbs.com/opinion/web2/web3-crossover-brand-related-crypto-infringements
[10] These keywords were selected on the basis of their association with the Trump 'Fight, Fight, Fight' meme, by which the new coin is inspired; indeed, the currency is partly held by a Trump-owned company named 'Fight Fight Fight LLC'
[11] Second-level domain names - i.e. the part of the domain name to the left of the dot
This article was first published on 30 January 2025 at:
https://www.iamstobbs.com/opinion/january-scams-surrounding-the-fall-and-rise-of-tiktok-and-trump
No comments:
Post a Comment