We were curious how major Canadian brands were fairing when it came to cybersquatting, so we took a look at how well protected they are in the domain name space. We specifically took a look to see whether their customers are facing navigation challenges or security threats online as a result of the domain names these brands don’t own.
Methodology for Our Cybersquatting Research
To do that, we looked at typographical variations in .COM and .CA of the top 25 Canadian brands according to Canadian Business’s Canada’s Best Brands 2017: The Top 25. Among the brands surveyed include established names like Home Hardware, Cirque du Soleil, and Scotiabank.
Five of the brands included on Canadian Business’ list were not included in our analysis because the brand names were too short, while others were omitted because they did not own their name in .COM.
Here is a table summarizing the brands that were included and omitted in our analysis:
What Did the Data Show?
We generated 2,128 typo variations across the 20 brands, included their correctly spelled versions, and applied .COM and .CA endings for a total dataset of 4,258 domains.
We found that:
- 85% of the domains are currently available
- 15% or 620 domains are registered
Of the registered domains:
- 27% (168 domains) are in Canada’s .CA extension, and
- 73% (451 domains) are .COMs.
Just 16.5% (103 domains) of the registered domain names are owned by the brands themselves, and these include the 20 websites of the companies.
Of the 103 brand-owned domains:
- 65 redirect to the brands’ websites
- 3 are used by the brand owner for another site (for example Saputo.com and Saputo.ca are different sites owned by the same company), and
- 3 are being used improperly
Those being used improperly are most likely displaying the same content these domains served when they were owned by third parties before being recovered through trademark enforcement or acquisition. For example:
- Scotiabank owns Scotiabnk.ca that displays PPC content, and
- Canadian Tire’s Cnadiantire.ca is a Fast Flux DNS site that sometimes presents malware, phishing, and ransomware and Canadiantirw.com is a PPC site.
The remaining 517 registered domains are owned by third parties. Of these third-party domains we found 60 that are legitimate and 3 that are questionable, meaning that these domains are other correctly spelled words or acronyms or a product of the company that owns the domain or it was too hard to know for sure. For example,
- ca is owned by P&G for their Swiffer WetJet product, and
- com is an Apple domain although similar enough to the Canadian IMAX brand to be part of the dataset.
Among the “questionable” domains is Tcbank.com, which is similar to TDBank.com and redirects to the website of InterBank however it was not immediately clear if there is a legitimate connection to InterBank so it was marked “questionable.”
A careful analysis of the brand-owned domains shows that Canadian brands that register typographic variations are focusing more on .COM (39 domains) than on .CA (27 domains).
How are the Non-Brand Owned Domains Being Used?
The majority of third party illegitimate domains are registered in .COM (344) vs. .CA (110) albeit disproportionately so. This may be a result of .COM being so much more inexpensive and accessible (no local presence requirement) than .CA. Regardless, the ratio of brand-owned to third-party owned illegitimate domains is 1:4.
It was significant to find that:
- 73% of the registered typo variations are illegitimate
- 41% of illegitimate third-party domains are used for PPC.
This would have been a bit surprising to us before 2016 when generally about 80% of infringing domains were enrolled in PPC (example: weatjet.com), but we have noticed a shift in domain monetization schemes over the past two years.
The uses of Canada’s top brands by third parties are attributed to 7 categories:
The largest use category beyond PPC is Fast Flux DNS (FFDNS) domains, which we wrote about in our 2017 – Perspectives on Cybercrime and Domain Names.
The decline of PPC revenue associated with cybersquatting has forced bad actors to look for other sources of revenue over the past several years. In the place of PPC, they have been enrolling their domains in FFDNS-type monetization schemes at the extreme detriment of brands and their consumers.
There are 30% more third party owned illegitimate sites resolving to Fast Flux DNS than all of the brand-owned domains combined.
We also found two domains serving up pornographic content – Tdbani.com and Wwstjet.com. While the Whois and DNS information is different, the domains were registered about 1 month apart and the format of the sites is similar raising questions about a possible link. Further, we’ve seen this type of site format appear across other studies and brand audits recently as well.
How Well Are Canada’s Top Brands Protecting Themselves from Cybersquatting?
Traffic has always been a strong indicator of value because so many domains get registered that have no impact on the brand and this must be considered when deciding which infringing domains to do something about. It is more tolerable when a third party owns a non-trafficked domain, but it sends a clear signal to brands to do something about it when an infringing domain is also trafficked. Like we found in the 2016 Cyber Monday study, third parties own more trafficked typos than the brands do themselves.
In the case of Canada’s top brands, we estimate that only 101 monthly visitors are accidentally landing on domains owned by the brands and 63,660 monthly visitors, or 630 times the number of internet users, are ending up on illegitimate websites.
This is when we look at the top Canadian brands and judge which ones are doing the best job of protecting their brands and their customers, and which are not.
Based on the number of typographical-variant domains owned by third parties and serving illegitimate content, the most maliciously-targeted audiences are those of Scotiabank, WestJet, Telus and Roots:
Based on the number of typographical-variant domains owned by the brand owner, TD Bank and Canadian Tire are putting forth the greatest effort to protect their brands and audiences from message thieves online:
It is clear that TD Bank (27 owned) and Canadian Tire (23 owned) are making the best effort to ward off cybersquatting, brand dilution, and customer harm even though third parties are still targeting their audiences and holding numerous typographical variations of these brands.
According to our data, Scotiabank is doing the worst job of protecting their image and customers with 62 un-owned typos and just 1 owned typo. Furthermore, 28 of the typo domains Scotiabank doesn’t own are hosting Fast Flux DNS, frequently malware-, ransomware-, and phishing-related websites.
Great-West Life, Canada Goose, IMAX, Roots, Telus and others are not too far behind with zero-owned typographic variations of their brands in .COM and .CA.
Canada’s top brands, like the rest of the world’s top brands and their consumers, are under assault by domain infringers who are possibly unaware of the damage they are causing by using domain names to earn a buck (or Loonie) and expose audiences to scams and fraud.
With cybersquatters’ noticeable pivot from PPC to the more-dangerous and brand-eroding Fast Flux DNS with malware/ransomware/phishing as their preferred platform for domain monetization, brands should pay closer attention to typosquatting and cybersquatting.
While FairWinds recommends triaging through quantification of harm, namely prioritizing domains with measurable traffic, it is time to also consider backing policy solutions and industry groups that discourage cybersquatting and target platforms, such as services offering commissions to domain owners who enroll their names in schemes like Fast Flux DNS and are enabling these more malicious forms of domain portfolio monetization.
Latest posts by Josh Bourne (see all)
- Highlights from 2017 and What to Expect as We Embark on 2018 - December 27, 2017
- Cyber Monday 2017: Fast Flux DNS and Other Cyber Threats to Brands - November 27, 2017
- Fraud in Financial Services New TLDs Less Prominent than in Other New Generic TLDs - October 5, 2017