Risks to Resilience: Preventing Fraud and Abuse to Safeguard Online Reputation

Disclaimer: Please be advised that this recorded webinar has been edited from its original format, which may have included a product demo and other engagement features. To set up a live demo, please complete the form above on our website. If you currently are not on our website and are watching this on our YouTube channel, there's a link to the website in the description of this video. Thank you.

Christy: Hello, everyone, and welcome to today's webinar, "Risks to Resilience: Preventing Fraud and Abuse to Safeguard Online Reputation." My name is Christy DeMaio Ziegler, and I will be your moderator.

Joining us today is Quinn Taggart. Quinn is a product coach for Digital Brand Services and assists clients in the areas of online brand protection and cybersecurity strategy. Quinn has been with CSC for over 20 years, and his wealth of experience and knowledge is appreciated by brand owners as he helps them better understand their evolving digital asset portfolio and minimize their risk. And with that, let's welcome Quinn.

Quinn: Thanks, Christy. I appreciate it. And for those of you that are joining the series that I've been doing all year, this will be the fourth and final for 2025. We're going to revamp and recircle the wagons a bit for 2026, and come up with some more topics that we think are going to be relevant for everybody.

One of the big things, that if you've been in the series, is that we started out with some very basic pieces, and now we're at kind of the tail end of the line, where we're talking a little bit more about monitoring and enforcement. But I wanted to kind of recap a little bit and spend a few slides on that part of it. And then we'll get into some of meat and potatoes of that part of it.

So CSC Digital Brand Services at a glance, we're one of the trusted providers of choice for the Forbes 2000, number one provider for enterprise-class domain management and so on. I'm not going to read the whole slide for you. But the idea being is that one of the key components of making sure that you're able to manage your domain portfolio effectively and efficiently is to partner with an enterprise-level provider. And one of the key aspects of that, of course, is being able to get the quality advice, the strategy components, and, of course, to be able to have that breadth and depth of services that go along with it.

So again, going back into some of the very basic pieces, the domain name life cycle is a circle because in domains, everything is cyclical. The domains themselves are cyclical. The handling of your domain portfolio is cyclical. Strategy is cyclical. Everything will start and just continue to spin around and around and around, because the idea is that it's an ever-changing market. There's always something new happening on the internet and in the internet landscape. You want to make sure that you're out ahead of it if you can, and if you are playing catch-up, that you're on the right side of that part of it.

So with the domain name life cycle, everything starts with an idea. Once you've got your idea and you go out and you register your domain name, the first teal piece of that is important because you're going to register your domain, you're going to keep renewing it, you're going to keep going back and forth, and back and forth in that teal arrow of this circle. But then once you decide that you don't need those domains anymore, it's not a matter of them going "into the trash." What ends up happening is they get recycled and recycled back out into the wild, and then they're available for other people to be able to register.

It's a very important aspect of domain names in general is that they are recyclable. So if you don't want that domain anymore and you're confident that you're not going to come back to it, or you're not going to have any further use for it, when you release that, somebody else can pick it up. That's a particular challenge that you need to assess the risk on. And a lot of this comes down to your own company's penchant for risk.

Once it expires, it goes into a grace period. Not always. Most of the country code registrations don't always have that 30-day grace period. Some do. And then it's going to go into a delete phase and then back out into the wild. And then somebody else can pick it up, and they can join the domain name life cycle on their own. But that's one of the first key aspects that we wanted to cover.

This is one of the big things that we look towards is that you want to start with a very solid core and then build on that as you go outward. So you want to make sure that you've got some advanced domain security features, vital domain activities, you're utilizing registry lock on your core names, and the other major security features, like DNSSEC, CAA records, and DMARC. Those are really important on a domain by domain basis within the organization as a whole.

But then once you start to build on the next layer, controlling your user permissions, making sure the right people have the access to the right stuff, but they also don't end up having to have access or pushing access into a role or a responsibility sector that they don't really need. It used to be, back in the day, you had an administrative contact, a technical contact, and a registrant. And the registrant was kind of like the top tier. They had access to everything. Admin contact had the ability to kind of change a few things with respect to the domains, but that was kind of it. And the tech contact was technically DNS only, IP address changes, zone changes, and the like.

With today's technology being what it is, especially with CSC's portal, the way that it's set up, you can be very, very granular on who has access to what within the system and on which domains. And it's really important to kind of review that on a regular basis. And then, of course, you want to make sure that the portal has key access restrictions as well, two-factor authentication, potentially IP validation, which is a little bit more enhanced, or even federated ID. This is going to give you the flexibility that you need in order to make sure that the right people are able to get in and do what they need to do from wherever they are in the world. But this is also where, on the outside layer, you are going to partner with or want to partner with an enterprise, I can't get that word out today, enterprise-class provider. And this is where technology meets experience.

So a lot of the folks that are in the DBS department here at CSC have 10, 15, 20 years experience. They've seen a lot go on in the internet space over the years and are able to go and translate that into advice and strategic guidance towards your portfolio and what you're doing. A lot of our clients, we recognize the fact that you're not managing domains on a regular basis. It's a very small percentage probably of what you're doing in the run of a day, maybe 5%, 7%, 10% at the max. It's 110% my day. So take advantage of that. You're going to get that kind of experience and expertise in partnering with an enterprise provider.

So one of the foundational elements here at CSC is our digital optimization plan. And it's basically a four-pronged approach towards the portfolio management. So register the right stuff. Use blocks. Block can also mean registering, making sure the bad guys don't have access to the most common elements that'll go along with your brands online. Make sure you're securing everything, and you're utilizing all of the elements that are available to you, like I mentioned before, registry lock, DNSSEC, CAA records, and so on. But then the real key component here is monitoring and enforcement, and that's what we're going to kind of touch on today. We're going to make sure that you understand this is a real key element to proper domain portfolio health.

The threat vectors, globally nowadays, they're coming from a variety of different angles. You've got DNS hijacking. You've got domain name takeover. You've got IP spoofing, phishing attacks. AI is creeping into everything. They're making those really clunky and chunky phishing attack emails look very real, very professional. And good grammar, which has always been a challenge with a lot of those phishing emails, is that you look at the grammar and you can easily tell, "Yeah, this is no good." But that's all improved quite substantially. So you really have to pay attention to what's happening.

When it comes to domains and domain management, it's that you are going to touch every corner of an organization. You're going to touch marketing. You're going to touch security. You're going to touch fraud. You're going to touch brand. You're going to touch legal. You're going to need to communicate well with all those other departments and divisions within the organization because it's an all encompassing piece. You can register the domain name and have it in the portal. You're going to use it? It's going to require other people to make sure that it's secure and that it's doing its job.

I'm not going to read through obviously all this slide here, but one of the big keys here is being able to take advantage of the right security measures for you. And it all ties back into, as I said before, your company's penchant for risk. If you consider yourself risk averse, then pretty well all of this slide is important. If you consider yourself risk neutral, most of this slide is going to be important to you. If you consider yourself risk takers, well, then you're going to have to be prepared to deal with things on a reactive basis. And sometimes it'll take an unfortunate incident to occur for you to decide to put a little bit more time and energy into risk management on the domain portfolio itself.

A lot of folks still see the domain inventory as a cost center rather than a true asset to the organization. But like I say, sometimes it does take an unfortunate incident to get the attention of the right stakeholders internally to be able to funnel the right amount of budget in there. And again, today we're going to kind of focus in a bit on the monitoring and enforcement side.

So know your stakeholders. So making sure that you understand what the key stakeholder individuals are going to be within your organization. This is a very generic diagram. There are multiple divisions along the way, but we kind of kept it as easy as we could as a pie. But the idea too, as well, is understanding what the mentality and what those individual stakeholders are going to be looking for.

Legal is about infringement. They're about brand protection. They're really kind of focused in on that aspect of it because that's their purview. Marketing is going to be concerned about traffic. They're going to be concerned about SEO, how the brand is being interpreted online. IT wants to keep the lights on. And they want to make sure things are running smoothly, and the phone's not ringing, that people are yelling at them or communicating that, "Oh, my email is down," or, "How come the microsite is not working?" And, of course, InfoSec is an all encompassing part of the organizations today, where they really are responsible for making sure things are safe for not only internally, but externally as well.

So in our previous webinars, these are some of the conclusions that we've come up with. Anybody can buy a domain name. Absolutely true. One domain can lead to another and another and another. So once the bad guys go down a road and they find it profitable and they find it effective, they'll continue on that same vein. So this is where monitoring and enforcement can kind of come into play in identifying trends as you go through those results as they come in because then you can maybe plug the hole, plug the gap, or at least gain some intelligence on how they're attacking your brands online, so that you can try to find and formulate a strategy or a plan around it. And then use those patterns for your defensive and offensive. So it works both ways.

And then, of course, take full advantage of the enforcement toolbox. It can be a very long road when it comes to enforcement. So you want to be prepared for that. There are some immediate pieces that you can do, like takedowns, that'll get the immediate threat offline. But then you've got the long road in behind that of: All right, now what do you do? Do you file a UDRP? Do you seek some sort of compensation depending on the laws? Now I'm not a lawyer, so don't take anything I say as "legal advice." Please consult your attorneys. But at the end of the day, there are always some options to kind of go by. Maybe it is good enough to just get the content offline and kind of let things go that way. It really depends. And then there's always the mitigation after.

So how do you find out about these infringements? Most people have started out with word of mouth, direct communication with their customers or users. Generally, nowadays, it's via social media channels about potential issues. "Hey, you guys are offline." Or, "I got this phishing attack, somebody scammed me out of money. What are you going to do about it?" And a lot of this stuff is coming through the social media channels, including flipping it around and using the social media channels for things like brand impersonations and counterfeit goods and services.

But this is really kind of a tip of the iceberg approach, meaning that for every one or two that you get word of mouth, there are likely 10 or 12 that are also out there that people aren't saying anything about. That can be a bit of a challenge when you're trying to play whack-a-mole in getting all of these infringements dealt with accordingly.

Reaction time, of course, is usually a bit longer. It allows more time for reputational impact. And, of course, you could be offline as well.

There's a brand monitoring solution. This is kind of like the base model where it'll look for new domains that are being registered that might contain your brand, and it might look for other things, like logos and the like. But the idea is that you want to be able to detect that these are happening and then be able to report on it.

But one of the key aspects of a good, robust monitoring solution, whether it's brand monitoring or the 3D monitoring we're going to look at in a second, is the fact that you want to be able to prioritize the results. If you get 100 results a month coming back to you, how are you going to handle that? Is that too much? What do you do? Do you deal with all of them? You're going to be overwhelmed pretty quickly. The idea is to kind of give you a prioritized list of the best of the worst, and then you can deal with everything else after that. But then also, too, it is monitoring for a reason because now that you've identified some of those results, you may want to just keep an eye on them, see what they do, how things are going to evolve over time.

What the bad guys might do is they'll register a bunch of names that contain your brand and do nothing with them. Park them. There's no site. There's no nothing. So they're not going to necessarily be detected as far as content goes. But they may be detected, of course, because they contain your brand. That's good. But then they're not doing anything. So they may not be prioritized as high risk simply because they're not doing anything. But you're going to want to keep an eye on them because at one point what will happen is that the bad guys will activate that. They'll either activate it for email and start sending out phishing attacks, or they may activate an actual site content to that either counterfeit goods or the like and be able to start rolling it through. But they may want to just park it for a bit and give it some time.

So what are your options? Well, this is where our teams will come into play and give us an opportunity to investigate some of the options. Is this a serial infringer? And then, of course, there are some enforcement options that go along with it. We talked a bit about phishing takedowns. But then you've also got situations where you can go and actually recover the domain name as well into your own inventory and get it off the report.

The 3D monitoring is kind of like the Cadillac version of it. And I know it's a bit of a cliché to say it. But essentially, domains can be that prime starting point for cyberattacks. And a lot of the cases in the news, they start that way because then they're going to use that for your phishing attacks. Then they're going to have you click on a link, and then all of a sudden now it becomes a ransomware attack. There's always that gateway in. So you want to be able to try to keep an eye on who's infringing on your brands online.

But there's more to it than just that. Exact match pieces is fine. If your brand is ABC and you find abconline.com, fine. Those are easy ones to kind of pick up. But then when you start looking at typos and you start looking at homoglyphs and the like, those kind of variations are extremely difficult to anticipate as you go through it. You need to have that automation that goes behind it, and also utilizing, potentially, machine learning and AI to kind of incorporate that into it.

So our 3D monitoring solutions is a bit in that vein. It utilizes Machine Learning Deep Search. I had to read that off the slide because I can't say it without stumbling. But then it augments this with threat intelligence data, identifying the suspicious domain names that might pose a risk to you. And again, being able to prioritize those results to make sure that you're focused on the right stuff that can potentially harm your brands online.

So what sort of enforcement solutions are we looking at? Well, there are site takedowns. We can do, actually, proactive registrations. We can modify the domain strategy. We were talking a bit about strategy earlier. So as it should be, a strategy should be a cyclical event, but it also should be a living, breathing document. And the key factor in all of that, of course, is you need to be able to make adjustments. So as the bad guys are coming at you a certain way, let's make an adjustment. Maybe we add a few extra keywords to the registration, get them in there, make sure that the bad guys aren't left with the easy pickings that go along with it.

Social media is another aspect that comes up. Making sure you're using all the right protection mechanisms that are available for things like the new gTLD environment. Domain name recovery, if you have to go down that road, there's UDRPs, cease and desist. So there's a whole variety of different types and levels of enforcement options available.

Now one of the other considerations is when we look at the new gTLD side of things, back when this was launched in 2012, we had a slew of applications. It was a blind application process, meaning nobody knew what was applied for until applications were closed and then they released it. They had a bunch of stuff they had to kind of work through. There are still some Round 1 new gTLDs that are still being litigated and disputed. So they're not going to get launched anytime soon, but the bulk of them are out.

And one of the big things, when we're looking at the new gTLD side of the market, is a lot of them are keywords that people would have normally married with their brands anyways — shop, store, online, app. So instead of abcshop.com, it's now abc.shop. So these are really important. That's why all of those ones are extremely popular.

But you can also have your own space, and this is where the .brand side of things goes. So you could have your own .abc. You could have your own piece of the internet. It is your spot. This enhances a ton of the security side of things. When they first proposed this particular thing, I thought immediately, of course, of financial services, banks, making sure, "Hey, look . . ." I'm in Canada, so I'm going to quote a Canadian bank, "If it's not .cibc or not .bom or .bmo, it's not us." Because a lot of those phishing attacks, of course, related to banks.

So utilizing that slice of the internet as your own allows you to enhance security to your customers and your user base. It's not cheap. As you can see from the slide here, it's a sizable investment. But when you factor in all the monitoring and enforcement, I'm not saying that you get rid of it, but I mean, when you factor in what you're paying for monitoring, enforcement, and so on, to have that extra layer of security, marketing this properly can get you where you need to be.

So domain management is cyclical. This is the conclusion for today, and this is in line with what we've been talking about all along. Everything is a cyclical event. But diligence begins with your landscape. You need to have a look at what you're doing, how you're doing it, and how that impacts all of the stakeholders internally. Everything is a wash, dry, repeat, wash, dry, repeat. And it's all part of that. Communication internally is really key with all the stakeholders that are involved.

The landscape changes sometimes by the day. So you need to be able to be informed, integrate that change into what you're doing, and then, of course, review on a regular basis. Key to that, of course, is having the right partner. As I mentioned before, a lot of our clients are only doing 5%, 7%, 10% of their day with domains. It's 100% of our day. So you want to be able to make sure that you're partnered with the right person.