As has been discussed at length elsewhere in these pieces, it is getting easier and easier to make false representation, take advantage of ‘fake news’ or simply to hope for the best and pretend to be a reputable company or individual on the assumption that nobody will bother to check otherwise.
KCS is seeing a notable upswing in the number of attempts made to ‘pass off’ either an individual or entity as something else entirely. The tale of the sham royal has already been told, but this is just one of the examples of a hotly contested field. The recent crop are born from domain harvesting. Previously, an enterprising individual would buy up any and all domains associated with a particular company and then sell them to that company at an artificially high price, on the understanding that they would likely need them at some point so why not pay and get it over with. This is underhand, but not outrightly damaging. Now though, what we are seeing is a full-scale adoption of companies, and the names of their key personnel, in long-term impersonation attempts.
A recent case brought to our attention saw a major industrial company be targeted for impersonation. There was just one change: an ‘s’ added to the name so as to pluralise it, when in real life the name is singular. Clearly, the bad actors were hoping that on business cards and email addresses, few people would notice or worry about the amendment. Likewise, an application had been made to formally register Company S with the names of the very directors that were present in the genuine company: again with very slight variations. The upshot of this was that, to the uncritical eye, Company S would appear in records and filings as pretty much the genuine article. This was exactly the effect desired.
Those behind Company S were now effectively free to pass themselves off as the real thing, on the assumption that nobody would look too closely. (Indeed, nobody did).
Clearly from a business perspective this can be devastating. Not only is the company’s name at risk, but whatever actions are carried out effectively in their name will come back to rebound upon them – and no matter that they were not ultimately responsible, ‘name recognition’ is everything and one stands or falls by how the company is perceived. Even if this company is unaware that their most basic of identification and intellectual rights are being trampled on – so be it!
Not only should companies regularly assess domains for any which might be being taken over by bad actors – they should also go through the same process for ‘physical’ records and see where their names, identities or close approximations are being used without their consent. Impersonation of a target is not always intended to directly damage that same target, but the consequences will reverberate back sooner rather than later. And you cannot deal with a problem if you do not know that a problem exists.