With the Olympics underway in Tokyo, CSC has taken the opportunity to analyze domain name registrations that include Olympic-related terms. The following three data sets show that cybersquatters are using the domain name channel to perpetrate fraudulent activity against worldwide brands.
Large-scale sporting events tend to be periods when cybersquatters are active, as highlighted in CSC’s recent three-part blog series on Euro 2020. The Olympics is one of the world’s largest sporting events, so the amount of online interest is massive, especially considering that spectators were locked out from attending the games in person.
Tokyo 2020 and 2021
Some terms such as “Olympics” and “Olympic games” are reserved due to their nature across varying country code top-level domains (ccTLDs) and generic top-level domains (gTLDs), so in this first set of data, we instead reviewed domains that include the more generic terms “Tokyo 2020” and “Tokyo 2021.” Below is a summary of registrations over the last few years, with spikes correlating to real-world events, suggesting opportunistic behavior among registrants.
Figure 1: Daily numbers of registered domain names containing “Tokyo2020” or “Tokyo2021.”
Additionally, we noticed the following:
- Target TLDs across both keywords included .COM, .NET, .ORG, and .INFO, but we also saw new gTLDs targeted, with the use of .TOKYO, .SHOP, and .WORK. ccTLDs targeted included .CO.UK and .FR, as well as .CO.
- Many of the sites linked to pay-per-click (PPC) advertising, such as tokyo2021.bet, but we also saw examples with full websites, including 2020tokyo2020.com, which included AdSense advertising.
In our second set of data, we reviewed lookalike domains. With many Olympic terms reserved, bad actors resort to sneaky measures such as registering similar-looking domains that users sometimes won’t notice. An example of a lookalike domain is “g00gle.com” where the ohs are replaced with numeric zeroes. In our analysis, we looked at variations of the term “Olympics”; below is a sample list of domain registrations we found:
Many of the examples we found were pointed to PPC pages, and in some instances, sites are directed to “for sale” pages. One of the main dangers of these types of registrations is that they can be used for phishing purposes. Emails can be designed to look like they come from a trusted source but in fact contain links to malware or other insecure locations.
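For brand owners monitoring new registrations, the keyword and lookalike checks described above can be sketched as follows. This is an added example, not CSC's tooling: the confusable-character map, the function names and the sample feed (all under the reserved .example TLD) are constructed for illustration, and it assumes the feed holds registered domain names with no host prefix.

```python
# Added example: flag keyword and lookalike domains in a registration feed.
# The confusable map and the sample domains are constructed for illustration.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"),
               ("3", "e"), ("5", "s")]

def skeleton(text):
    """Collapse visually similar characters so lookalikes compare equal."""
    text = text.lower().replace("-", "")
    for src, dst in CONFUSABLES:
        text = text.replace(src, dst)
    return text

def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, keyword):
    """Return 'keyword', 'lookalike' or 'clean' for one registered domain."""
    label = domain.lower().split(".")[0]   # assumes no host prefix such as www
    if keyword in label.replace("-", ""):
        return "keyword"                   # exact brand term inside the label
    if skeleton(keyword) in skeleton(label):
        return "lookalike"                 # matches only after folding confusables
    if edit_distance(skeleton(label), skeleton(keyword)) <= 1:
        return "lookalike"                 # one character away from the brand term
    return "clean"

SAMPLE_FEED = [  # constructed names under the reserved .example TLD
    "olympics-tickets.example", "0lympics.example", "olymp1cs-live.example",
    "olyrnpics.example", "olympcs.example", "gardening-tips.example",
]

def scan(feed, keyword="olympics"):
    """Classify every domain in the feed against one brand keyword."""
    return {d: classify(d, keyword) for d in feed}

if __name__ == "__main__":
    for domain, verdict in scan(SAMPLE_FEED).items():
        print(f"{verdict:10} {domain}")
```

Folding both the keyword and the candidate label to the same skeleton is what lets “0lympics” and “olyrnpics” match without enumerating every variant in advance.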
What about Brisbane 2032?
Our final set of data looks at the recently announced host for the 2032 Olympics, Brisbane. It’s only been a few weeks since the announcement, but there are already over 150 registrations relating to the games. Of the data set we analyzed, we noticed the following trends:
- Registrations tended to target keywords such as accommodation, travel packages, merchandise, and stadiums with many using the word “official” within them.
- Popular TLDs used for registrations include .COM, .NET, .ONLINE, .ORG, .STORE, .SHOP and .LIVE. What’s interesting here is, when compared to the Tokyo data we found, there was a lot more use of new gTLDs (e.g., .ONLINE, .LIVE, etc.) and this is a result of their growing popularity.
- The majority of sites point to registrar holding pages, such as “brisbaneolympics2032.club.” Some also point to PPC pages like “brisbaneolympics2032.co” and “brisbaneolympics.wiki.” Sites such as “visitbrisbane2032.com” already show some minimal content with use of the Olympic rings.
It’s clear from these three data sets that cybersquatters are continuing to use the domain name channel and will take any opportunity to pounce right from the get-go. We see that .COM and .NET are still the main targets of infringement, but we are definitely seeing more diverse use of the new gTLDs, as well as lookalike domains, to trick users into possible phishing attacks. When launching your brands, we suggest you cover your bases and consider all domain variations, such as keywords and lookalikes, and have a strategy in place prior to launch. CSC can help you with this.