Latest news of the domain name industry

Recent Posts

Wildly popular Facebook scam attack hits .ninja

Kevin Murphy, May 20, 2015, 12:31:56 (UTC), Domain Registries

Rightside’s .ninja appears to be the victim of a broad, highly effective affiliate marketing scam that targets Indians and exploits Facebook’s trademark.

Today, 11 of the top 12 most-visited .ninja domains are linked to the same attack. Each has an Alexa ranking of under 15,000. They’re all in the top 40 new gTLD domain names by traffic, according to Alexa.

The domains are com-news.ninja, com-finance-news.ninja, com-important-finance-update.ninja, com-important-finance-news.ninja, com-important-update.ninja, com-important-news.ninja, com-important-news-update.ninja, com-finance-now.ninja, com-finance.ninja, com-news-now.ninja and com-personal-finance.ninja.

The domains do not directly infringe any trademarks and appear innocuous enough when visited — they merely redirect to the genuine facebook.com.

However, adding “facebook” at the third level leads users to pages such as this one, which contains a “work at home” scam.

Scam

Indian visitors are told that that Facebook will pay them the rupee equivalent of about $250 per day just for posting links to Facebook, under some kind of deal between Bill Gates and Mark Zuckerberg.

It’s all nonsense of course. The page is filled with faked social media quotes and borrowed stock photos.

Not only that, but it uses Facebook’s logo and look-and-feel to make it appear, vaguely, like it’s a genuine Facebook site.

The links in the page all lead to an affiliate marketing campaign that appears, right now, to be misconfigured.

Infringing trademarks at the third level in order to spoof brands is not a new tactic — it’s commonly used in phishing attacks — but this is the first time I’ve seen it deployed so successfully in the new gTLD space.

It would be tricky, maybe impossible, for Facebook to seize the domains using UDRP or have them suspended using URS, given that the second-level domains are clean.

But it seems very probable that the domains are in violation of more than one element of Rightside’s anti-abuse policy, which among other things forbids trademark infringement and impersonation.

Tagged: , , , ,

Add Your Comment