Introduction
Any 'brand' - even those specifically dedicated to intellectual property protection, and particularly those where customers and service users may be required to make payments - can be targeted by impersonation scams.
On 4 March 2025, the United States Patent and Trademark Office (USPTO) posted a warning on social media[1] of two fake sites impersonating the agency, at myusptoservices[.]org and uspto[.]codexol[.]com.
As of the date of writing (6 March 2025), the former site was inactive (as also announced on social media[2]) - though it had been live long enough to have been indexed by Google - but, astonishingly, the latter is still live (Figure 1).
Figure 1: The fake USPTO site at uspto[.]codexol[.]com (top), and the real site (uspto.gov) (bottom), as of 6 March 2025
This site is hosted on a subdomain of the domain name of web-development company codexol[.]com; conversely the other scam site was hosted on a specifically registered, brand-related domain name actually registered just a few days earlier (25-Feb-2025), with a domain ownership ('whois') record privacy-protected using the 'Privacy Protect, LLC (PrivacyProtect.org)' service.
In this article, we consider the prevalence of active or potential scams targeting three major intellectual property offices: USPTO, the European Union Intellectual Property Office (EUIPO) (euipo.europa.eu), and the United Kingdom Intellectual Property Office (UKIPO) (www.gov.uk/government/organisations/intellectual-property-office and URLs / subdomains hosted on ipo.gov.uk). It is noteworthy that these official agency URLs are hosted on restricted TLDs (.gov and .gov.uk) or on official domains (europa.eu - an official website of the European Union), on which registrations are not generally available to third parties (in the absence of a domain security breach!), meaning that impersonation sites, which by definition will be hosted elsewhere, should - in theory - be fairly easily identifiable.
Analysis and findings
Based on analysis of gTLD domain-name zonefiles[3], we find that there are 534 registered domains with names containing 'uspto', 'euipo' or 'ukipo'. Excluding false positives (e.g. those where the monitored term appears as a substring of an unrelated name – e.g. 'suzukipower', or random strings such as '1r12rq1kuku89c3ggn3rukiponos9idb'), we find 300 domain names where the use of the string appears to be (or potentially to be) related to the name of the agency in question (263 for USPTO, 19 for UKIPO, and 18 for EUIPO). The first additional observation of concern is that 145 of these are configured with active MX (mail exchange) records - i.e. have been configured to be able to send and receive e-mails - and could potentially be associated with active phishing activity.
Furthermore, the dataset of 300 high-relevance domain names is dominated by the use of privacy-protection services in the whois records, and the use of retail-grade registrars traditionally popular with infringers, with the list topped by GoDaddy (94 domains), NameCheap (23), Hostinger (18) - notably the registrar also used for the myusptoservices[.]org site, Squarespace (16), and Ionos (15). Many of the domains also feature keywords of concern and suggestive of potential fraudulent use, such as 'official', 'assist', 'notice' and 'support'.
168 of the 300 domains generate some sort of live website response, including 34 featuring a reference to the keyword 'login' somewhere in the site content - a highly-significant 'red flag' for potential phishing activity. 102 of the 168 active domains feature 'low-threat' page titles (blank, or with content suggesting that only a placeholder page is present), but 66 are worthy of more detailed analysis.
It is particularly noteworthy that these 66 candidate fraudulent sites have been easily identified through simple searches - compared with just the two identified by the USPTO which alone were deemed significant enough to warrant a press release - highlighting a potential significant brand-protection gap for the agencies in question.
In addition to a small number of instances within this dataset of third-party use of the same acronym, a variety of third parties offering their own business services in conjunction with IPO filings, etc. (some of which incorporate potentially unauthorised use of agency branding), and a small number of cases of claimed affiliation with the agencies in question, we do find a number of additional cases of what appear to be active brand impersonation (or other content presenting serious potential for brand confusion) - notably, all for the USPTO (Table 1 and Figure 2).
Table 1: Details for nine identified domains which appear potentially to be associated with impersonation scams (or other content of significant concern) for the USPTO
Figure 2: Screenshots of the websites associated with the domains listed in Table 1
Conclusion
The findings in this article present a somewhat worrying picture. As some of the major agencies responsible for coordinating the very intellectual property protection required for brand protection initiatives generally, it is concerning to see the IPOs - such as the USPTO - themselves targeted by impersonation scams. Moreover, it is doubly disturbing that one of the scam sites known to the USPTO is still live days after the initial report, despite the fact that - as remarked by IP commentator Doug Isenberg[4] - the USPTO does itself hold a federal trademark registration for 'USPTO'.
The additional fact that a significant number of additional sites of concern are so readily identifiable via simple searches highlights a notable lack of brand protection activity being carried out by these agencies - and more generally highlights the importance of proactive programmes of monitoring and (effective) enforcement being carried out by any organisation utilised by companies and members of the public who may be susceptible to targeting by scams of this nature. It is also worth pointing out that this analysis has focused just on branded domain names, and does not even address the potentially much broader additional set of scam sites which may exist within other areas of general Internet content (including examples just as the subdomain-based URL referenced at the start), and which would need to be addressed through complementary monitoring techniques, potentially including techniques such as search-engine metasearching, website template analysis, and use of spam traps.
Furthermore, it is noteworthy that the universe of trademark scams extends beyond the types of website-based examples considered in this study. All three of the IPOs featured in this article have themselves posted warnings about other ongoing types of offline / physical scams, in many cases involving the sending of unsolicited payment requests purporting to originate from the agency in question[5,6,7]. These types of issues can affect law firms and a wide range of other entities in the wider IP ecosystem, but the targeting of the overarching IPOs themselves is particularly bold.
In the case of the nine additional sites of concern identified for the UKIPO in this analysis, all have been registered in the past year, with one as recently as January. In some cases, there may have been a gap - potentially of several months - between registration and 'weaponisation' of the domains, showing the importance of tracking for changes to content, in cases when the registration of domain names of concern are identified.
We also see the continuing popularity of privacy-protection services and retail-grade registrars by infringers looking to create fake sites and evade detection. It is also concerning that new-gTLD domain-name extensions (such as .agency) continue to be used in such scams, despite the fact that the initial aims of the new-gTLD programme included a drive for "new safeguards to help support a secure, stable and resilient Internet"[8]. Perhaps it is time for a greater degree of regulation in the domain-name industry, with a drive towards heightened accountability and proactivity by the providers of related services to prevent abusive use and protect consumers.
References
[2] https://x.com/uspto/status/1897027826504917055
[3] Versions downloaded on 01-Mar-2025
[5] https://www.gov.uk/government/news/ipo-issues-fresh-warning-to-beware-of-misleading-invoices
[6] https://www.euipo.europa.eu/en/designs/after-applying/misleading-invoices
[7] https://www.uspto.gov/trademarks/protect/examples-fraudulent-misleading-solicitations
[8] https://newgtlds.icann.org/en/about/program
This article was first published on 1 April 2025 at:
No comments:
Post a Comment