Breaking the rules on counterfeit sales: the use of hidden links

Counterfeiting is big business. A 2021 study by the Organisation for Economic Cooperation and Development (OECD) estimated that the international trade in counterfeit and pirated products was worth up to $464 billion in 2019, or around 2.5% of all world trade^[1]. A significant proportion of this trade occurs via digital channels, where global annual expenditure on e-commerce is more than $4 trillion^[2]. A 2018 study by the US Government Accountability Office found that two in five branded products purchased online are counterfeits^[3]. Europol’s 2017 Situation Report on Counterfeiting and Piracy noted that counterfeit goods are increasingly distributed via online marketplaces, with many of the items originating from manufacturing centres in China and the Far East^[4]. Its updated 2022 study found that other online channels, including social media and instant messaging services, are also becoming more significant^[5]. Similar trends have also been noted by other recent studies^[6,7], with the COVID-19 pandemic having further driven an increased online trade in counterfeits^[8,9].

In response to the increasing size of this problem, several pieces of legislation have been developed or proposed to drive increased online safety. The US Shop Safe Act aims to place increased pressure on marketplaces to prevent infringing listings, by including requirements to ensure verified seller identities, proactive screening of items for counterfeit indicators, and the suspension of repeat infringers. Furthermore, the INFORM Consumers Act (an extension of the SANTA Act) requires regular marketplace verification and disclosure of details (where available) for high-volume sellers^[10]. This change in landscape is pushing many online marketplaces to develop more proactive programs to identify and remove listings offering infringing products.

Despite the safety and quality implications associated with counterfeit items, there remains a consumer appetite for replica products, particularly where the original branded products sell at a high price point. This demand has resulted in the emerging tactic of using hidden links to sell infringing items.

What are hidden links?

Hidden links are used to circumvent marketplace restrictions on the sale of counterfeit products. They involve an online seller creating an external listing for a counterfeit item (e.g. on a standalone e-commerce site) that links to a decoy marketplace listing. The item displayed on the marketplace is usually an unrelated generic product, and the referring site incorporates instructions for buying the counterfeit item via the marketplace listing. This may involve the buyer selecting a particular colour and size combination (Figure 1).

Figure 1: Example of a marketplace listing using a hidden link, that is in fact associated with the sale of counterfeit luxury watches

From a brand protection point of view, it is difficult to explicitly monitor for and detect hidden-link listings in isolation, since the only visible characteristics are a standalone e-commerce listing for a branded product, linking to a marketplace listing for an unrelated product. It is not even always straightforward just to search for the presence of an embedded link to the marketplace site in the referring listing, because the links often proceed via affiliate redirection URLs - meaning there may be no reference to the marketplace domain name in the HTML of the referring page.

That said, the counterfeiters often construct sites explicitly to promote the hidden links and give instructions on their use (Figure 2). In some cases, the referring sites may also infringe on the names of the brands or marketplaces being abused, by using official brand terms in the domain name or official branding on the page. Therefore, detection is usually based on a combination of monitoring for brand terms in conjunction with keywords relating to hidden links and other keywords, such as 'replica' (Figure 3). Similar content is typically also found on other channels like social media (Figure 4).

Figure 2: Example set of instructions on a site promoting hidden links

Figure 3: Examples of websites featuring hidden-link listings

Figure 4: Examples of a social media group and profile promoting hidden links

Insights for businesses

As a brand owner, monitoring for content relating to hidden links can form part of an online brand protection strategy that deals with counterfeit activity. It can help brands reveal instances where the sale of infringing items on the marketplaces themselves is not apparent from the content of these listings, and therefore may sit outside the platforms’ IP protection programmes.

From an enforcement perspective, taking down the marketplace listing is typically reliant on having the appropriate IP protection in place, and on proof of infringement. The exact requirements vary between marketplace platforms, but generally involve test purchases to verify the actual nature of the goods being shipped. An alternative option might be to carry out enforcement against the referring site, dependent on the presence of any IP infringements, since removal of the hidden-link instructions can essentially render the marketplace listing unusable.

References

[1] https://www.oecd.org/gov/global-trade-in-fakes-74c81154-en.htm

[2] https://business.adobe.com/resources/digital-economy-index.html

[3] https://www.gao.gov/products/gao-18-216

[4] https://www.europol.europa.eu/media-press/newsroom/news/europol-%e2%80%93-euipo-2017-situation-report-counterfeiting-and-piracy-in-eu

[5] https://www.europol.europa.eu/media-press/newsroom/news/counterfeit-and-pirated-goods-get-boost-pandemic-new-report-confirms

[6] https://ustr.gov/sites/default/files/IssueAreas/IP/2021%20Notorious%20Markets%20List.pdf

[7] https://www.retaildetail.eu/en/news/general/meta-platforms-centres-counterfeit-trade

[8] https://euipo.europa.eu/ohimportal/en/news/-/action/view/9231590

[9] https://www.infosecurity-magazine.com/news/counterfeit-pirated-imports-surge/

[10] https://www.buysafeamerica.org/informed-consumers-act

This article was first published on 25 April 2022 at:

https://www.cscdbs.com/blog/breaking-the-rules-on-counterfeit-sales-the-use-of-hidden-links/

Also published at:

https://circleid.com/posts/20220510-breaking-the-rules-on-counterfeit-sales-the-use-of-hidden-links

Creating a cost-effective domain name watching programme

Introduction

The management and monitoring of domain names are central components of the business administration and brand protection activities of any organisation with an online presence. Companies typically maintain a portfolio of official domains, which include:

• core domains used in the day-to-day execution of their business, such as those used to host the official company websites and email infrastructure; and
• a wider group of tactical domains, including defensive registrations (i.e. those held to avoid them being used by third parties) and others intended for potential future use, such as those relating to planned brand or product launches.

Careful management of these official domains - ideally using an enterprise-class service provider - is key to keeping them secure, maintaining business continuity and circumventing the threat vectors that can lead to phishing, and DNS (domain name system) or DDoS (distributed denial of service) attacks, among other things. A range of industry solutions can provide protection, including registry lock; DNSSEC (domain name system security extensions); enterprise-grade DNS hosting; and DMARC (domain-based message authentication, reporting and conformance).

However, no organisation can defensively register domains that contain every possible permutation of its brand name and associated keywords that could potentially be used by an infringer; it is neither sustainable nor cost-effective to do so. Accordingly, a brand protection programme - incorporating domain name monitoring - that tracks third-party activity outside the firewall (i.e. on the open Internet) is essential for any organisation looking to defend its brand online.

Third-party brand-related activity can comprise several threat types:

• lower threat brand abuse categories, such as negative comments or non-compliance with brand guidelines;
• instances of brand infringement, comprising contravention of IP protection; and
• actively criminal brand fraud activity, such as phishing or counterfeit sales.

A brand protection programme identifies these threats via Internet monitoring and, where possible or appropriate, takes down infringements using a toolkit of enforcement approaches. This not only directly defends revenue and reputation but also makes the brand less attractive for potential infringers to target.

All brand threats can occur across a range of online channels, although arguably the most significant are those occurring on websites hosted on brand-specific domain names. This is true for several reasons:

• branded domains typically rank higher in search engines, creating greater visibility to potential customers; and
• branded domains comprise more explicit abuse of IP rights, although this means more enforcement options are available.

Consequently, a domain monitoring component is vital to any comprehensive brand protection solution. There is a wide universe of domain names to consider. Verisign's Domain Name Industry Brief^[1] reported that, as of the end of Q3 2021, there were a total of 364.6 million registered domains.

Domain monitoring and brand protection

Domain name monitoring identifies the registration of third-party domains containing a brand name of interest (or variations) in as close to real time as possible. This allows content to be analysed and tracked, and - where found to be infringing - for enforcement actions, such as website or content takedowns, or domain disputes to be launched to minimise brand damage and revenue loss.

Domain detection can be key even when the domain has no active website content. In some cases, domains are registered purely for their e-mail functionality. This allows bad actors to construct e-mail addresses that appear confusingly similar to that of the official organisation being targeted.

The presence of an active mail exchanger (MX) record indicates that the domain is configured to send and/or receive e-mails. This can be an early indicator that the domain is intended for use in phishing or business e-mail compromise (BEC) scams. In other cases, pay-per-click links may be included on a domain parking page, which can be a source of revenue for the domain owner - hijacking web traffic that is arguably intended for the brand owner's organisation.

Domains containing a range of brand variants or keyword variations are often registered for short periods to determine which attract the greatest number of visitors, either through search engine queries or mistyped browser requests.

Methodology

A primary data source for domain name monitoring is the set of zone files, published by registry organisations on a regular, often daily, basis. These include lists of all registered domains across a particular domain name extension, or top-level domain (TLD). A wildcard search will identify all domains containing a brand term of interest. Comparing each version of a zone file with that from the previous day makes it possible to identify both new registrations and lapsed domains.

Zone files are typically available across a range of TLDs, particularly global or generic TLDs (gTLDs), such as .com and .net, and the range of new gTLDs^[2] launched since 2012. They are less readily available, and may be less comprehensive, across other extensions such as country-specific TLDs.

For this reason, an effective domain monitoring solution usually requires additional data sources to identify as many relevant domains as possible; however, completely comprehensive coverage is never possible. The additional techniques include:

• Parallel look-ups - this method involves performing queries based on the domains identified via zone file analysis to determine whether equivalently named domains (i.e. those with the same second-level domain name (the part of the domain name before the TLD)) exist across other extensions.
• Exact-match/direct queries - this approach is used when one or more search strings of high relevance exist (e.g. the brand name in isolation). It involves querying every possible domain name comprising just the string itself and any TLD to check whether the domain is registered.
• Internet meta-searching - this is the same method used to find general Internet content in a basic brand monitoring service. It involves submitting brand-related queries to search engines and, optionally, further crawling of relevant links on the pages identified.

A recent study^[3] by CSC highlighted that, following the launch of a new TLD, the registration of new domains by potential infringers is usually extremely rapid. This highlights the importance of having a brand monitoring programme that can cover new extensions as soon as they launch.

Furthermore, the most effective domain monitoring services cover not just the brand name itself but variations, such as misspellings. Infringers use domain names incorporating brand variants in numerous ways. These include constructing web addresses (URLs) or e-mail addresses that appear deceptively similar to those used by the genuine brand and the misdirection of web traffic through mistyped addresses or corrupted DNS requests (eg, bit-squatted domains^[4]). The domain name variants typically covered by a sophisticated monitoring programme might include:

• instances where any character in the monitored string (i.e. the brand name) is missing or has been replaced by another;
• instances where an additional character has been inserted; and
• other types of fuzzy match, such as Soundex (homophonic or metaphonic) variations.

The most effective monitoring solutions also cover domains featuring non-Latin characters (internationalised domain names), which might include the use of homoglyphs (a non-Latin character visually similar to a Latin one). These can be highly convincing in creating a deceptive domain name.

Similarly, the replacement of one standard Latin or other ASCII character with another (or a combination thereof) is frequently used to construct lookalike domain names.

The table below shows the most common character substitutions observed in phishing domains, as identified by CSC's 2021 Domain Security Report^[5].

The use of homoglyphs by infringers is a well-established and widely used technique. CSC's 2021 study found that 70% of homoglyph variants of official corporate domain names are owned by third parties, with 43% having active MX records and 6% actively resolving to impersonation sites or sites distributing malicious content.

Even covering all the above approaches, there may still be instances of threatening domains that cannot be detected easily. Examples might include phishing sites hosted on TLDs without zone file coverage, or with obscure or no brand variants in the domain name, and where most of the traffic is driven to the site via associated spam e-mails.

For this reason, it may be appropriate to augment the domain monitoring techniques discussed thus far with additional data sources specifically designed to detect fraudulent activity. This includes the use of spam traps and honeypots, as well as information derived from the brand owner's web server logs to detect instances of phishing sites drawing content from, or re-directing to, official corporate websites.

Creating a cost-effective solution

Detecting potentially infringing domain names is only part of the process of creating an effective brand protection solution. An enforcement programme for infringing domain names is also necessary to defend the brand and protect revenue.

Some enforcement approaches, particularly those involving domain disputes or acquisitions, can be time consuming and costly. They may also only be appropriate when the organisation or brand owner wishes to reclaim the domain for its own use.

It is therefore important to have a toolkit of enforcement approaches, including cease-and-desist notices, host-level content removal, registrar- or registry-level suspensions, etc., that allows the most effective approach to be selected in any given case while reserving other options for escalation.

The use of appropriate technology can help to automate the analysis and enforcement processes, making them more efficient. Technology-based analysis of site content, as offered by several brand protection service providers, can be an important element of the brand protection process for the following reasons:

• Detailed content analysis and automated categorisation of results by infringement type and severity can help identify the findings that require prioritised follow-up action. This is particularly important for brands where large numbers of results have been identified.
• A domain name of potential concern may not feature any significant content at the point of detection but have the potential for more egregious use in the future. In those cases, the enforcement options are limited, except where there is proof of fraudulent use. It may therefore be more appropriate to monitor the site on an ongoing basis, with a view to detecting the potential appearance of infringing content. Sophisticated brand monitoring tools include 'revisitor' technology to determine and quantify the extent of the change to the site content between successive visits. It can also monitor explicitly for the appearance of specific content types.

Clustering technology and artificial intelligence (AI) can establish links between otherwise apparently unrelated infringements, based on shared characteristics such as registrant contact details and hosting information. This can help build compelling cases of bad faith (e.g. where a domain owner can be determined to be a serial infringer) and can also provide the potential for bulk takedown actions, where several linked infringements can be taken down via a single action, increasing the efficiency of the enforcement process.

Quantifying the value of a brand protection programme that comprises both monitoring and enforcement can be the final part of the picture. There are a range of ways to calculate return on investment^[6], which may incorporate some or all of the following ideas:

• Calculating the value of a domain that has been reclaimed by an organisation or brand owner into its official portfolio via a dispute process. This is determined using the amount of web traffic (number of visitors) to the site and is based on the principle that any traffic from the reclaimed site can be redirected to the organisation or brand owner's main corporate transactional website.
• Calculating the value of goods sold through an infringing site featuring e-commerce content and determining the proportion of the revenue that is reclaimable. This calculation assumes that, following enforcement, a certain proportion of the users who would have bought an infringing item will instead buy a legitimate item from an approved source.
• Determining the amount of reclaimable revenue following the removal of infringing content that previously resulted in traffic misdirection. This calculation is based on factors such as the traffic received by the infringing site and the mix of different brands or content types featured on the site.

It may also be appropriate to consider other less defined concepts, such as the impact of pre-existing infringements^[7] on brand equity and value.

Conclusion

Consideration of domain names should be a core activity for any brand owner. As part of their business-as-usual activities, organisations typically own and operate a portfolio of domains that should be protected by a range of security products and services, defending them against threat vectors and protecting business operations and corporate revenue and reputation.

However, third-party branded domain names can be associated with a range of brand infringements and other threats. A domain name monitoring programme - generally as part of a wider brand protection initiative - is key to detecting infringements outside the firewall and enabling enforcement actions to take down damaging content.

For this programme to be efficient, comprehensive and cost-effective, the following points are relevant:

• Using an automated monitoring technology product yields numerous benefits:
• it encompasses a range of data sources and monitoring techniques to allow the monitoring coverage, across both brand name variants and TLDs, to be as comprehensive as possible;
• it can enable automatic analysis and prioritisation of concerning domains according to site content, resulting in more efficient and timely identification of the most threatening examples for enforcement action;
• a product incorporating AI and clustering technology can establish links between infringements, resulting in the determination of bad-faith activity by serial infringers and the ability for bulk takedowns; and
• use of revisitor technology can be used to monitor domains that do not currently feature significant live content to identify infringing content in the future.
• Infringements should be tackled with a timely enforcement process. This should incorporate a toolkit of possible approaches so that the most appropriate methodology can be selected for each individual case. This helps to avoid the unnecessary use of highly complex, costly techniques while retaining options for escalation if an initial enforcement action is unsuccessful.
• Automated technology should be complemented by a team of expert analysts, who can both prioritise the raw data, identifying the key targets for follow-up action, and establish and implement the most appropriate takedown routes.

The above ideas highlight the importance for organisations to partner with an enterprise-class service provider that can provide both the necessary products and services and the analyst insight to ensure the smooth running of domain management and brand protection services. Enterprise-class providers can also work with the brand owner to establish the most appropriate methodologies for quantifying the return on investment of these programmes and carry out the associated analysis.

References

[1] https://www.verisign.com/en_US/domain-names/dnib/index.xhtml

[2] https://newgtlds.icann.org/en/about/program

[3] https://www.cscdbs.com/blog/domain-registrations-associated-with-new-tld-launches/

[4] https://www.bleepingcomputer.com/news/security/hijacking-traffic-to-microsoft-s-windowscom-with-bitflipping/

[5] https://www.cscdbs.com/en/resources-news/domain-security-report/

[6] https://www.worldtrademarkreview.com/global-guide/anti-counterfeiting-and-online-brand-enforcement/2021/article/return-investment-proving-protection-pays

[7] https://www.cscdbs.com/blog/brand-abuse-and-ip-infringements/

This article was first published on 15 April 2022 at:

https://www.worldtrademarkreview.com/global-guide/anti-counterfeiting-and-online-brand-enforcement/2022/article/creating-cost-effective-domain-name-watching-programme

as part of the 'Anti-counterfeiting and Online Brand Enforcement: Global Guide 2022':

https://www.worldtrademarkreview.com/global-guide/anti-counterfeiting-and-online-brand-enforcement/2022

Also published at:

https://www.lexology.com/library/detail.aspx?g=be587323-dc0f-4bff-a16a-043015d4db03

The world of the subdomain

A web domain name is the foundational piece of Internet property allowing its owner (registrant) to construct and host an associated website. On a domain, the owner is also able to construct whatever subdomains they wish - a process that is technically achieved via the configuration of records on the authoritative DNS (domain name system) server. A subdomain name is the part of the URL before the domain name, and separated by a dot (e.g. 'blog' in the URL https://blog.cscglobal.com/). Subdomains can be used in the construction of web addresses for a number of different purposes, such as the creation of individual microsites for sub-brands or campaigns, or the production of region- or subject-specific subsites. Some Internet service providers (ISPs), known as private subdomain registries, also offer the sale of specific commoditised subdomains of their site, allowing users to create their own sites (e.g. 'second-level' domains such as blogspot.com, which allows users to register URLs in the form username.blogspot.com, for the creation of a personalised blog in this case).

Subdomain name abuse in general Internet content

From a brand monitoring point of view, the appearance of a brand name or other relevant keyword(s) in the subdomain name of a third-party URL can be associated with a variety of brand infringement types. Some areas of potential concern include:

• As a means of driving traffic to third-party content via misdirected search-engine queries
• Creating sites featuring claims of affiliation with the brand in question
• Reputation issues - e.g. creating sites containing information, customer comments, or activism-related material pertaining to a particular brand
• As a means of creating a URL appearing deceptively similar to that of an official brand site (e.g. for fraudulent activity, phishing, or the distribution of malware)

Brand-specific subdomains can be a source of confusion for Internet users - and thus an effective threat vector - because of their similarity to familiar, legitimate URLs. For example, the hypothetical and unofficial domain cscglobal.blog.com could be used to create a convincing fake version of the official blog.cscglobal.com.

In recent months, a number of (often SMS-based) phishing attacks have been observed to make use of a brand name in the subdomain name to create a highly convincing, deceptive URL in a particular way^[1,2], as shown in the example in Figure 1.

Figure 1: Example of a 2021 SMS-based phishing attack targeting HSBC customers

In this example, targeting UK customers of the bank, the phishing URL makes use of a reference to HSBC in the subdomain name, together with a domain name beginning with 'uk-' (uk-account[.]help), as a means of producing a URL that appears visually very similar to the real 'hsbc[.]co[.]uk/account-help'. The phishing site link also uses the HTTPS protocol, historically an indicator of trust, but now a characteristic shared by over 80% of phishing sites^[3] in response to the easy availability of SSL (secure sockets layer) certificates from free providers. This approach is particularly effective for a number of reasons, including the fact that it uses a new generic top-level domain (gTLD) extension that may be unfamiliar to some users, and the tendency for the displays in mobile devices to insert line-breaks after hyphens. Zone file analysis shows there are at least several hundred registered new gTLD domains with names of a similar format that have the potential to be used fraudulently. Identified examples include uk-authorization-online[.]support, uk-gov[.]tax, uk-insurance[.]claims, uk-border[.]agency, and uk-lottery[.]win.

Other recent identified examples of branded subdomains in phishing scams include hermes[.]online-parcel-reschedule[.]com (for logistics company Hermes); and o2[.]billing9k7j[.]com (for telecommunications organisation O2). This type of attack circumvents the requirement for the fraudster to register a brand-specific domain name (which is potentially easier to detect by a brand owner employing a basic domain monitoring service). In many cases, the whois records for the parent domains are anonymised, making it difficult to establish links between cases. These domains are also often registered immediately prior to the attack and are used for a short period, in an effort to circumvent detection and takedown efforts.

In general, brand-related subdomains on third-party sites are more difficult to detect than domain names themselves, which can much more easily be identified through wildcard searches of registry zone files. The most straightforward method for identifying subdomains is through search engine metasearching, providing the subdomains in question are linked from other sites and have been indexed by the search engines. Beyond this, the issue can partially be addressed through the use of other techniques, such as a detailed analysis of domain-name zone configuration information (e.g. passive DNS analysis), certificate transparency (CT) analysis, or via the use of explicit queries on particular domains for the existence of specific subdomain names.

Other issues include private subdomain registries being problematic because they are not necessarily regulated by ICANN (the Internet Corporation of Assigned Names and Numbers), and thus may lack dispute resolution procedures, abuse reporting processes, or records of any sort of whois information.

When considering enforcement against infringing subdomains, options can be relatively limited - particularly in comparison with the range of approaches available for domain names. It is sometimes possible to achieve engagement with the registry, registrar, hosting provider or DNS provider, but they may not be obligated to comply. Furthermore, many established dispute processes, such as UDRP (the Uniform Domain-Name Dispute-Resolution Policy), do not necessarily apply to subdomains. However, exceptions do exist in some cases, such as certain new gTLDs, instances where the host domain name corresponds to a country code (e.g. jp.com), or other limited circumstances (e.g. those covered by the Dispute Resolution Service (DRS) for .nz). Failing this, court litigation is often a last resort^[4].

Finally, the use of fraudulent domains in conjunction with wildcard MX records (which allow the domain owner to receive emails sent to any subdomain on the domain name) can also be a highly efficient way for criminals to intercept mail intended for trusted organisations, and thereby harvest sensitive information. This can be successful in cases where the recipient e-mail address has been mistyped (i.e. with an extra '.' inserted). If the domain name is carefully selected, it can enable attacks against a range of different organisations (e.g. *.bank.[tld] can be used to harvest mis-addressed e-mails intended for any organisation with an official domain name of the form [brand]bank.[tld]).

Subdomains of official domains within the brand owner’s own portfolio

Considering the domain security landscape, an area of primary concern for a brand owner is the existence of subdomains on domains under their own ownership.

Subdomain hijacking

Brand owners may use subdomains of official sites for a number of different purposes, as discussed previously. However, when they register a lot of subdomains - IBM has around 60,000 and Microsoft over 120,000 - subdomain management can become a significant endeavour. The associated risks make it possible for bad actors to take over the subdomains through exploitation of expired hosting services (an issue known as 'dangling DNS records'), DNS misconfigurations, or untrustworthy legitimate users. Compromise can also be achieved using pharming (DNS poisoning) attacks, where subdomain records are modified to re-direct traffic to a fraudulent IP address. This can give fraudsters the ability to create fake sites, upload content, monitor traffic, or hack official corporate systems^[5]. A 2021 study identified over 1,500 vulnerable subdomains across 50,000 of the world’s most important websites^[6].

A number of news stories have emerged in recent years of corporations being attacked in this way, including instances of official corporate subdomains being hijacked to re-direct to content including malware, pornography, and gambling-related material. Subdomains of the Xerox website, for example, were used in 2020 to drive traffic to sites selling fake goods, taking advantage of the trusted reputation of the official corporate domain to boost the search-engine ranking of the malicious content^[7]. In another case in 2019, GoDaddy shut down 15,000 abused subdomains that drove a massive spam campaign geared towards the sale of counterfeits^[8].

Brand owners can mediate these threats by analysing their own domain portfolio and being mindful of any subdomains pointing to external IP addresses.

Domain shadowing

Another risk is the possibility for criminals to create new, unofficial subdomains of official sites via DNS compromise through a method such as phishing or dictionary attacks - a practice known as 'domain shadowing'. This approach can also be used to drive users to threatening content, while taking advantage of the protections associated with being hosted on a trusted website (e.g. to circumvent site block-listing). In one reported example of this practice, a number of domains (primarily registered through GoDaddy) were compromised to create over 40,000 subdomains pointing to Russian IP addresses hosting a range of malware variants^[9,10].

This type of attack can be difficult to detect, both because it avoids the requirement to make changes on the official corporate webserver, and because the infringing content is typically hosted externally. The damage may only become apparent following complaints by users, or in response to the official domain being added to a block-list due to the malicious activity. Rigorous security measures are the primary preventative approach, including the use of strong passwords and two-factor authentication^[11].

A related attack vector is the use of wildcard DNS records, which can result in any arbitrary subdomain name being set to re-direct to a malicious external IP address. Bad actors can use randomised, changing subdomains to circumvent hostname-based block-listing (e.g. in coordinated phishing campaigns). This type of attack can be applied both to official (compromised) or third-party (standalone) domains^[12].

Overall, to mitigate these threats, brand owners should employ a robust domain security posture combined with a comprehensive programme of brand monitoring and enforcement.

References

[1] https://www.cscdbs.com/blog/phishing-scams-how-to-spot-them/

[2] https://thewebisround.xyz/2021/06/28/the-reality-behind-the-smishers/

[3] https://docs.apwg.org/reports/apwg_trends_report_q2_2021.pdf

[4] https://www.worldtrademarkreview.com/enforcement-and-litigation/subdomains-and-online-brand-protection-what-you-need-know-long-read

[5] https://www.networkworld.com/article/3623949/don-t-let-subdomains-sink-your-security.html

[6] https://www.eurekalert.org/news-releases/698257

[7] https://www.theregister.com/2020/07/07/microsoft_azure_takeovers/

[8] https://www.techradar.com/news/godaddy-shuts-down-15k-subdomains-used-in-massive-spam-campaign

[9] https://www.domaintools.com/resources/blog/domaintools-101-dns-shadow-hack-attacked

[10] https://threatpost.com/40000-subdomains-tied-to-rig-exploit-kit-shut-down/126072/

[11] https://encyclopedia.kaspersky.com/glossary/domain-shadowing/

[12] https://www.phishlabs.com/blog/phishing-with-wildcard-dns-attacks-and-pharming/

This article was first published on 14 April 2022 at:

https://www.cscdbs.com/blog/the-world-of-the-subdomain/

Also published at:

https://circleid.com/posts/20220504-the-world-of-the-subdomain

The online effects of the Ukraine war

As the war in Ukraine continues to unfold, government-led cybersecurity organisations are advising companies to strengthen their security posture, as an increase in cyber threats such as distributed denial of service (DDoS) attacks, phishing, website defacements, ransomware, and malware is likely to follow.

Observations from CSC have also shown that the general online effects of this war need to be watched as well, as some of the tactics used by fraudsters - particularly with malicious domain names and website spoofing - are magnified during a major world event. The observations below outline some of the emerging trends across a range of key online content areas and are followed by recommendations to protect against the associated threats.

Surge in domain registrations

As seen in past CSC studies, significant world events often trigger spikes in domain registrations. With the Ukraine war, we analysed the landscape based on a snapshot of all domains containing the keyword 'ukraine' that had been registered by the end of the month of the initial Russian invasion (Figure 1).

Figure 1: Daily total numbers of Ukraine-related domain registrations during February 2022 (date of the initial invasion shown as a dotted line)

This event shows a similar pattern of activity to others that CSC has monitored, with the start of the war immediately followed by a spike in activity. Entities registering these domains - whether legitimate or with criminal intent - do so to take advantage of public interest in the emerging situation and to attract the increased web traffic.

More than 700 new Ukraine-related domains were registered in the five-day period beginning February 24. These feature a range of associated keywords and content, the most potentially concerning of which are shown in Figure 2.

Figure 2: Numbers of domains registered in the five-day period beginning February 24 with names featuring keywords of particular concern

A significant proportion of the sites are directly soliciting for donations, using either traditional payment methods or cryptocurrency (Figure 3). While several may be genuine resources for supporting victims of the war, any that are not legitimate are an obvious cause for concern. They may be associated with fraudulent activity, attempting to take advantage of well-meaning people wishing to help those in need.

Figure 3: Examples of Ukraine-related domain names resolving to donation sites

Many other researchers have also noted this emergence of fake donation sites, stressing the importance of contributing via legitimate agencies like the International Red Cross, Save the Children, Doctors without Borders, or UNICEF^[1,2,3].

Fraudulent solicitations for donations - particularly using cryptocurrency - have also been reported as circulating via numerous other routes, including phishing emails and forum posts^[4]. These follow a legitimate call for donations from the Ukrainian government, posted through its official Twitter account^[5].

Interestingly, amongst the (de-duplicated) set of 170 domains featuring keywords of concern, many are registered through consumer-grade domain registrars, a trend commonly seen with non-legitimate sites.

Some of the other domains within the dataset were also found to include references to trusted charities or other key organisations, as a way of misleading Internet users and adding credibility to the site content. Examples included domains with the keyword strings 'redcrossukraine' (resolving to a site soliciting for cryptocurrency donations) and 'nato4ukraine' (resolving to a parking page with pay-per-click links at the time of analysis).

Spread of misinformation

As with any major world event, there has been an increase in misinformation appearing online following the start of the war, which has taken several different forms.

1. Recycled, out-of-context, and modified imagery - Various photos and videos purporting to show events occurring in the war in Ukraine have been circulating, particularly on social media. In many cases, these have been found to be images from unrelated events, which may have occurred many years earlier^[6,7], or are material that has been modified^[8] or falsified altogether^[9]. In many cases, these posts have gone viral, with some examples attracting hundreds of thousands of views.

From a brand protection perspective, in some instances, the original sources of the material can be identified through open-source investigation techniques (e.g. reverse-image searches). Similar approaches may be possible using screen grabs taken from video content. Furthermore, geolocation techniques can sometimes be used to verify the geographical origin of imagery^[10].

General advice for Internet users is to be mindful of the origins of information, and only to share content from trusted sources.

2. Pro-Russian content and propaganda - We found significant amounts of online content showing support for Russia. While some of this will presumably be legitimate, a significant amount (particularly on social media) appears to have been posted by Russian state-sponsored profiles or automated accounts (bots). Recent creation dates, low numbers of followers, and high numbers of likes for postings are characteristics that demonstrate profiles may fall into this latter category. Social media is a popular channel for spreading propaganda and generating political support due to the ease of creating content, combined with its wide potential reach and speed of spread (Figure 4). Many of the identified postings make use of popular hashtags (e.g. #istandwithrussia or #istandwithputin), or associate their content with other emotive issues (e.g. Israeli / Palestinian content). One study^[11] found that a significant subset of these postings were intended simply to attract traffic, in some cases driving readers to e-commerce listings or websites for other service providers.

Another significant observation is that even some mainstream Russian-based news accounts have been suspended from social media platforms in response to their pro-Russian stance and justification of military action based on reasoning unsupported by the known facts^[12,13]. Meta (the organisation behind Facebook, Instagram, and WhatsApp) announced its refusal to cease fact-checking content posted by Russian state-owned media^[14], as demanded by Russian authorities. Furthermore, on March 6, TikTok announced that it was suspending the creation of new videos in Russia. This was due to uncertainty around the safety of content creators following the introduction of Russia’s fake news law, which can impose up to 15 years’ imprisonment on those found publicly calling for sanctions, or spreading what Russia perceives to be false information about its military^[15].

Figure 4: Example of a pro-Russian viral image circulating on social media

3. Conspiracy theories and other fake information - One of the common themes identified in online commentary, particularly on social media, are claims that the war is fake^[16]. In some cases, this has been accompanied with claims that real imagery has been staged^[17]. These claims have been made by a range of entities, typically promoting pro-Russian or conspiracy theorist agendas.

An additional concerning observation is the use of fake accounts to post fake messages, such as the case of a Telegram account purporting to be that of Ukrainian President Volodymyr Zelenskyy^[18]. Several outlets claiming to offer breaking news stories have been circulating fake news, with the content on these untrustworthy channels frequently unaccompanied by sources or any other evidence^[19].

Among the other conspiracy theories circulating online are claims that the conflict is a campaign against bioweapons facilities^[20,21], and suggestions that the war with is linked with the establishment of a 'new world order'^[22]. This references a long-running conspiracy theory around the creation of a totalitarian world government. Some fake stories are less harsh in tone, such as the claim that Ukrainians are selling second-hand tanks on eBay^[23,24]. 

Direct effects on online businesses and organisations

The war in Ukraine has had a range of effects on corporations, from the Russian authorities blocking Internet access to several key western websites and platforms (particularly social media), to organisations withdrawing business operations in Russia. Conversely, there has also been a rise in activism against corporations who have failed to pull out of Russia, with hashtags such as #boycottcocacola and #boycottmcdonalds trending on social media in the first two weeks following the invasion.

A particularly significant effect from a brand protection point of view is the direct repercussions for both Ukrainian and Russian online organisations resulting from the business interruptions, sanctions, and economic damage that have arisen during the war. One example is the closure of a series of Ukraine-based websites and marketplaces. One affected organisation is EVO (evo.company), the Ukrainian IT company behind a range of e-commerce platforms in the region, including Prom.ua, Tiu.ru, Bigl.ua, Deal.by, and Satu.kz, among others. At the start of March, the Tiu.ru website suspended its operations in response to the war (Figure 5). This website was tailored to the Russian market but had been hosted on Ukrainian servers^[25].

These changes will have a knock-on effect on the e-commerce landscape in the region, the balance of available legitimate and counterfeit products, and may ultimately lead to the emergence of new marketplace sites to take their place.

Figure 5: Message displayed on the Tiu.ru website at the start of March 2022

Conclusion and recommendations 

The Ukraine war increases the possibility of cyberattacks against Western websites and Internet infrastructure. Employing a robust domain security posture is critical. In times of global uncertainty, companies should not only have advanced security measures^[26] in place to safely mitigate threats, but should also employ a holistic online monitoring program to ensure rapid detection and allow for quick and effective takedown of any IP abuse, such as fake sites, fraudulent campaigns, or other false content or misinformation.

CSC recommends taking the following steps.

1. Confirm that your domain registrar’s business practices are not contributing to fraud and brand abuse. The following issues are often common with consumer-grade domain registrars:

• Operating domain marketplaces that drop catch, auction, and sell domain names containing trademarks to the highest bidder
• Domain name spinning and advocating the registration of domain names containing trademarks
• Monetising domain names containing trademarks with pay-per-click sites
• Experiencing frequently occurring breaches resulting in DNS attacks, phishing, and business e-mail compromise

2. Identify trademark and copyright abuse in web content, and on online marketplaces, social media, and mobile app stores via an online monitoring service.

3. Leverage global enforcement, including takedowns and advanced techniques in Internet blocking.

4. Employ phishing monitoring and a fraud-blocking network of browsers, partners, Internet service providers (ISPs), and security information and event management (SIEM) systems.

References

[1] https://domaingang.com/domain-news/new-help-ukraine-domains-are-most-likely-not-legit/

[2] https://www.welivesecurity.com/2022/02/27/beware-charity-scams-exploiting-war-ukraine/

[3] https://twitter.com/ESETresearch/status/1497194165561659394

[4] https://www.bleepingcomputer.com/news/security/help-ukraine-crypto-scams-emerge-as-ukraine-raises-over-37-million/

[5] https://twitter.com/Ukraine/status/1497594592438497282

[6] https://www.bbc.com/news/60554910

[7] https://bbc-monitoring.co.uk/campaign/RwbbAiso/aab564822c8140a6c46681ea/b680b576f310643c916458a491cf5d77

[8] https://twitter.com/Shayan86/status/1496944075378855942

[9] https://www.cnn.com/2022/03/05/politics/fact-check-fake-cnn-ukraine/index.html

[10] https://www.youtube.com/watch?v=KtOaC0emsxY

[11] https://twitter.com/marcowenjones/status/1499312091727020032

[12] https://www.euronews.com/next/2022/03/02/ukraine-war-facebook-and-youtube-block-russia-s-rt-and-sputnik-in-europe

[13] https://www.businessinsider.com/facebook-ukraine-russia-news-state-media-2022-3

[14] https://twitter.com/nickclegg/status/1497279120853590025

[15] https://www.theverge.com/2022/3/6/22964418/tiktok-suspends-creation-new-video-content-russia-ukraine

[16] https://www.bbc.com/news/60589965

[17] https://twitter.com/hoaxeye/status/1497514958174699522

[18] https://twitter.com/Shayan86/status/1497485340738785283

[19] https://twitter.com/conspirator0/status/1496720310577602561

[20] https://twitter.com/Shayan86/status/1499031014496157697

[21] https://twitter.com/O_Rob1nson/status/1499337632022683648

[22] https://twitter.com/Shayan86/status/1498398600421941249

[23] https://www.snopes.com/fact-check/ukraine-used-tanks-ebay/

[24] https://twitter.com/Shayan86/status/1499167301614157824

[25] https://www.dk.ru/news/237164313

[26] https://www.cscdbs.com/blog/interpreting-global-guidance-on-cyber-threats-due-to-the-ukraine-crisis/

This article was first published on 24 March 2022 at:

https://www.cscdbs.com/blog/how-to-manage-the-online-effects-of-the-ukraine-war/

The rise of the NFT

The concept of the non-fungible token (NFT) began to rise to prominence in Spring 2021, with a series of news stories reporting the sale of digital artworks in NFT form. A video clip produced by a digital artist named Beeple was sold on the cryptocurrency art marketplace Nifty Gateway for $6.6 million^[1], having originally been purchased just a few months earlier for $66,666 - just 1% of the later sale price^[2,3,4]. In late February 2021, a new piece of work by the same artist was listed by auction house Christie's^[5,6], eventually selling on March 11 for more than $69 million - a new record for a digital artwork, and the third highest auction price ever achieved for a living artist^[7,8].

An NFT is a cryptographic collectible comprising any of several types of asset or media. Key to understanding the NFT is the concept of blockchain (the technology underlying cryptocurrencies like Bitcoin) - a publicly accessible digital ledger in which transactions are recorded. Blockchain is cryptographically sealed and cannot be modified after its contents are recorded, making it relevant to several applications. Examples of its use include the maintenance of an audit trail of a brand owner's supply chain and shipping to guard against non-legitimate trade (as in the Aura Blockchain Consortium founded by Prada, LVMH, and Cartier in 2021^[9]), or even assigning NFTs to mortgages^[10,11]. For NFTs, ownership of the asset is also recorded on a blockchain (currently, most NFTs are associated with the blockchain used for the Ethereum cryptocurrency). They are designed so every example is unique and cannot be exchanged for alternative identical copies, and therefore are 'non-fungible'. 

Theoretically, any digital file can be converted into an NFT - a process known as 'minting'. Although the file content can potentially be viewed by anyone, the association of the NFT with blockchain means there is a definitive original version of the file (or one of a series of authorised versions), whose ownership is recorded, making it a tradable collectible. The analogy is that "anyone can buy a Monet print, but only one person can own the original"^[12]. As a result, noteworthy digital items of a range of different types have been sold as NFTs, including various famous meme images (e.g. 'Doge' - an image of a dog, associated with the Dogecoin cryptocurrency - selling for $4 million)^[13], and the first tweet by Twitter CEO Jack Dorsey, which sold for nearly $3 million^[14]. Overall, NFT sales reached $25 billion in 2021, up from just less than $100 million the previous year^[15]. 

From a content producer's point of view, the concept of the NFT presents the potential to produce and sell a range of commodities. For example, on March 3, 2021, the band Kings of Leon announced their upcoming album would be released in NFT form (alongside standard formats), becoming the first band ever to do so. The NFT, priced at $50 and made available via the YellowHeart marketplace, included enhanced media (e.g. album artwork) together with the digital download of the music, and was available for a limited period. After this, no further versions were made, with the NFTs becoming tradable collectibles. Additional premium 'golden ticket' tokens were also released, including one version that included benefits like VIP concert tickets for life^[16]. The key idea is the use of blockchain technology to generate improved returns for the music industry in an era where digital sharing and streaming - and the COVID pandemic - is adversely affecting revenue streams^[17].

Applications

Virtual items

One application of NFTs is the production and sale of official virtual merchandise by brand owners. For example, luxury brand Gucci was one of the first players in this space, launching a series of sneakers in augmented reality, which can be purchased to be worn in virtual reality (VR) chat or the online game Roblox. Other brands experimenting with distributing branded products as NFTs include Dolce & Gabbana and Rebecca Minkoff^[18]. More recently, the Coach brand released a collection of NFTs as part of a holiday campaign^[19]. 

Although luxury collectables account for less than 1% of all NFT transactions in 2021, they are projected to evolve into a $25 billion business by 2030, or 10% of the total luxury market^[20]. 

With the emergence of the metaverse - the name given to the connected environment of 3D virtual worlds - this type of business model may become more mainstream^[21]. In February 2022, it was reported that McDonald's and Panera Bread had both filed trademarks for NFTs in the metaverse, setting the scene for virtual restaurants in online environments, tied to real-world deliveries for customers^[22]. Brand owners in a range of other industries have also filed trademark applications covering virtual or digital goods and services, across a variety of product areas, including Nike, The Brooklyn Nets, Walmart, Crocs, Skechers, Jay-Z, and The Coachella Valley Music and Arts Festival^[23].

Also in February 2022, the Playboy brand announced plans to offer digital subscriptions and a new virtual Playboy Mansion in the metaverse, following its prior release of a range of NFT imagery based on the bunny logo^[24]. 

Blockchain domains

A related idea is the concept of the blockchain domain. Like regular domain names, they consist of a second-level domain name and an extension, but there are a few key differences. Specifically, blockchain domains:

• Are recorded, together with their ownership details, on a blockchain (i.e. not hosted on a server, or recorded in a regular registry zone file)
• Do not resolve to websites in regular browsers, instead requiring dedicated browsers like Brave, or browser plug-ins
• Are associated with specific domain name extensions (e.g. .eth, .crypto, .bit, etc.)
• Are offered only by specific providers ('registrars')
• Have a one-off purchase fee and are then owned permanently

They can be used for a variety of purposes, including personalised addresses for sending and receiving cryptocurrency, providing hosting for programs that can be run as apps, or building decentralised websites (e.g. on peer-to-peer hosting platforms)^[25]. However, it is becoming clear that they may also be associated with specific threats, including the inability to tie them to real-world ownership details, and their observed use in creating botnets or distributing malware^[26].

Additionally, blockchain domains are not governed by ICANN (the Internet Corporation for Assigned Names and Numbers), which could be a regulatory cause for concern. Some providers are also reserving branded domain names on behalf of brand owners, and charging them to un-reserve them and thereby take ownership (similar to a review fee).

From a monitoring point of view, blockchain domains can be extremely hard to identify, both because of the absence of zone files, and that the domains do not resolve to websites in regular browsers. One technique to circumvent this difficulty can be to search for references to the domain names being traded in NFT marketplaces (Figure 1).

Figure 1: NFT marketplace listing offering the sale of a blockchain domain name.

Enforcement options are currently limited, with one option being just to take down infringing listings from the marketplaces - although this does not deactivate the domain name itself or change its ownership. However, some blockchain domain providers are becoming more mindful of the risks posed by cybersquatters^[27], and offer brand owners the ability to block third-party registrations (similar to the Trademark Clearinghouse (TMCH) program for new top-level domains (TLDs)) or to claim ownership of trademarked names. Brand owners may also consider proactively registering key domain name keyword strings across relevant extensions.

Emerging threats

There appear to be several key areas where NFT-related infringements exist and could become areas of concern for brand owners. The most obvious include the trade in branded blockchain domain names, or other digital files featuring brand-related content, such as logos or other official imagery - with the logo of one fashion brand reported as being offered for sale for over $3 million at the start of 2022^[28]. Currently, this trade appears primarily focused on a range of dedicated NFT marketplaces, including OpenSea, Rarible, Nifty Gateway, Binance, and SuperRare, and with new marketplaces, like Folio^[29] and N.Fungible^[30], launching regularly. However, there remains scope for the development of additional distribution channels in the future, with social media likely to become one. 

The growing popularity of NFTs also gives scope for other more familiar types of online scams and infringements, like registering domain names containing 'nft' to capitalise on the interest by Internet users. A 2022 study looking at over 34,000 NFT-related domains found that significant numbers may be associated with NFT scams, attack vectors for malware distribution, or cybersquatting^[31,32]. Scams take a variety of forms, including phishing, advance-fee frauds (e.g. the investor scam), and harvesting cryptocurrency. NFTs themselves can also have security implications, with a report in January 2022 of a type of NFT that could harvest viewers' IP addresses^[33].

The trade in NFTs can itself be subject to fraudulent activity. 'Wash trading', for example, is becoming increasingly widespread^[34]. This is where an individual NFT is repeatedly traded between multiple accounts owned by the same seller, as a means of artificially inflating its price. In February 2022, the first associated law enforcement action in the UK was taken in response to a VAT (value-added tax) repayment fraud involving 250 fake companies^[35].

It is worth noting that NFT ownership does not necessarily grant ownership of copyright for the content, and more generally, NFTs can also raise questions about the associated intellectual property (IP) rights. In November 2021, production company Miramax sued writer and director Quentin Tarantino over his sale of a collection of NFTs related to the movie Pulp Fiction. While Tarantino had retained limited contractual rights for the film, Miramax alleged that his sale of the NFTs violated the company's copyright and trademark rights^[36,37]. Cases become more complicated when content is moved from one blockchain to another, as it was in the recent Quantum NFT case^[38]. 

Growth in the sale of counterfeit versions of branded virtual items, like clothes and accessories for avatars, has also been noted as an emerging trend for various luxury brands. At the start of 2022, luxury brand Hermès took legal action for a trademark infringement against digital designer Mason Rothschild, following his release of a series of 100 designs of 'MetaBirkins' in NFT form. These "depict imaginary, fur-covered Birkin bags", in homage to the highly exclusive Hermès Birkin handbag. Following an initial sale price of 0.1 ETH (around $300), some MetaBirkin NFTs sold for up to $50,000 shortly afterwards - equal to or greater than the price of a real-world Birkin^[39,40]. The following month, Nike filed a lawsuit against shopping platform StockX for distributing NFTs featuring their logo and branding^[41]. StockX operates a system whereby 'Vault NFTs' can be redeemed for physical items, with Nike alleging that the association of the NFTs with their brand constitutes "trademark infringement, false designation of origin, and trademark dilution, among other violations"^[42].

Elsewhere in the digital content landscape, representatives of artists in the music industry expressed anger at a company named HitPiece, which appeared to be selling single and album artworks as NFTs^[43]. A few days later, reports emerged alleging that another platform, NFT Music Stream, was hosting unlicensed music content, apparently sourced from YouTube Music, on the blockchain^[44]. Instances have also arisen of artwork (such as that posted on online platforms such as DeviantArt) being stolen by third parties, converted to NFTs, and sold on marketplaces like OpenSea. In one instance, an artist's collection was offered for sale as a set of nearly 86,000 NFTs, through a practice known as 'lazy minting', where sellers list NFTs without writing them to the blockchain, in an effort to avoid paying fees until a sale is made^[45]. This follows a high-profile case where a scammer sold an NFT purporting to be by street artist Banksy for over $300,000^[46].

In fact, in response to the high volume of unauthorised sales, counterfeits and other scams, the Cent NFT marketplace suspended much of the trade on its platform in February 2022^[47]. OpenSea, the largest NFT marketplace, had also previously claimed that more than 80% of the NFTs minted on their own platform were "plagiarised works, fake collections, and spam"^[48].

Enforcement against infringing content can sometimes be carried out by submitting a DMCA (Digital Millennium Copyright Act) notice, generally resulting in high compliance. Additionally, some NFT marketplaces have specific processes for submitting takedown requests against IP-infringing content^[49]. However, the exact legal status of IP protection in the metaverse is unclear and the landscape appears to be evolving rapidly^[50]. 

References

[1] https://www.cnbc.com/amp/2021/03/03/what-are-nfts-all-you-need-to-know-about-crypto-collectibles.html

[2] https://observer.com/2021/02/beeple-record-breaking-christies-nifty-gateway/

[3] https://twitter.com/TheHustle/status/1366432385747804160

[4] https://www.coinspeaker.com/new-record-nft-beeple/

[5] https://www.cnbc.com/2021/02/18/christies-to-auction-beeple-nft-art-and-will-accept-ether-as-payment.html

[6] https://twitter.com/ChristiesInc/status/1365100549385957378

[7] https://www.nytimes.com/2021/03/11/arts/design/nft-auction-christies-beeple.html

[8] https://twitter.com/ChristiesInc/status/1370027970560106497

[9] https://www.pradagroup.com/en/news-media/news-section/aura-blockchain-consortium.html

[10] https://www.forbes.com/sites/kamranrosen/2021/11/18/this-company-wants-to-turn-your-mortgage-into-an-nft/?sh=67d405e037fe

[11] https://circleid.com/posts/20211209-protecting-your-brand-in-the-new-world-of-nfts

[12] https://www.theverge.com/22310188/nft-explainer-what-is-blockchain-crypto-art-faq

[13] https://mashable.com/article/classic-memes-sold-nft-prices

[14] https://www.theverge.com/2021/3/22/22344937/jack-dorsey-nft-sold-first-tweet-ethereum-cryptocurrency-twitter

[15] https://circleid.com/posts/20220125-nfts-and-emerging-scams

[16] https://www.rollingstone.com/pro/news/kings-of-leon-when-you-see-yourself-album-nft-crypto-1135192/

[17] https://www.rollingstone.com/pro/features/music-crypto-blockchain-nfts-guide-1116327/

[18] https://www.businessoffashion.com/articles/technology/unpacking-fashions-latest-wave-of-nft-sales/

[19] https://elle.com.sg/2021/12/21/coach-launches-its-first-collection-of-nfts-in-time-for-christmas/

[20] https://www.thefashionlaw.com/blockchain-and-nfts-are-smart-but-can-they-revolutionize-fashion/

[21] https://www.voguebusiness.com/technology/luxury-fashion-brands-poised-to-join-the-nft-party

[22] https://www.nrn.com/technology/mcdonald-s-and-panera-bread-file-trademarks-nfts-metaverse

[23] https://www.natlawreview.com/article/trademarks-metaverse-brand-protection-virtual-goods-services

[24] https://www.cnbc.com/amp/2022/02/11/playboy-plans-to-join-the-metaverse.html

[25] https://medium.com/unstoppabledomains/what-are-blockchain-domains-e823c3a6be13

[26] https://www.fastcompany.com/90686579/blockchain-domains-bit-microsoft

[27] https://www.brandsec.com.au/blockchain-domains-and-cybersquatting/

[28] https://www.worldtrademarkreview.com/opensea-how-trademark-infringement-rampant-the-biggest-nft-marketplace

[29] https://martechseries.com/content/digi-asset-mgmt/folio-launches-the-first-mobile-nft-social-network/

[30] https://fashionunited.com/news/business/n-fungible-launches-globally/2021121744615

[31] https://cybersecurityventures.com/as-nfts-popularity-grows-so-does-cybersquatting/

[32] https://circleid.com/posts/20220128-65000-nft-related-domains-and-subdomains-possible-vehicles-for-nft-scams

[33] https://www.vice.com/en/article/xgdvaz/nft-steal-ip-address-opensea

[34] https://news.sky.com/story/nft-fraudsters-making-millions-by-wash-trading-new-study-finds-12531135

[35] https://news.sky.com/story/hmrc-officials-seize-nft-crypto-assets-as-three-arrested-on-suspicion-fraud-12541831

[36] https://www.theverge.com/2021/11/17/22787216/miramax-pulp-fiction-quentin-tarantino-nft-lawsuit

[37] https://torrentfreak.com/tarantinos-nft-auction-goes-ahead-despite-miramax-copyright-lawsuit-220105/

[38] https://www.ledgerinsights.com/sothebys-sued-over-quantum-nft-auction/

[39] https://www.elle.com/uk/fashion/a38536774/birkin-bag-nft/

[40] https://www.businessoffashion.com/news/luxury/hermes-sues-nft-creator-over-metabirkin-sales/

[41] https://brandequity.economictimes.indiatimes.com/amp/news/business-of-brands/can-hermes-and-nike-stop-unauthorised-nfts/89365547

[42] https://www.theverge.com/2022/2/10/22925252/nike-stockx-shoe-lawsuit-vault-nft-trademark-infringement

[43] https://pitchfork.com/news/musicians-criticize-hitpiece-website-that-claims-to-sell-nfts-of-songs/

[44] https://www.newbusinessherald.com/news/nft-music-stream-slammed-for-hosting-unauthorized-music-newbusinessherald/40943/

[45] https://www.theverge.com/22905295/counterfeit-nft-artist-ripoffs-opensea-deviantart

[46] https://www.theverge.com/2021/8/31/22650594/banksy-nft-scam-pranksy-ethereum-returned-duplicates-art

[47] https://edition.cnn.com/2022/02/13/tech/nft-marketplace-plagiarism/index.html

[48] https://twitter.com/opensea/status/1486843204062236676

[49] https://support.opensea.io/hc/en-us/articles/4412092785043-What-can-I-do-if-my-art-image-or-other-IP-is-being-sold-without-my-permission-

[50] https://www.thefashionlaw.com/brands-v-nfts-from-hermes-and-metabirkins-to-olive-garden-and-phunky-apes/

This article was first published on 11 March 2022 at:

https://www.linkedin.com/pulse/rise-nft-david-barnett