How Much Are You Willing to Wager?
The world of online gambling is becoming increasingly popular as more and more people choose to use online services to seek entertainment from the comfort of their home. Gambling is ripe for the picking when it comes to fooling users into visiting what “looks like” a legitimate website. In May 2016, a well-known Gambling Company in Macau was the subject of a brand abuse onslaught, which saw its logo being used on hundreds of imitation webpages.
When the Gambling Company first contacted FraudWatch International, they had a problem with several online websites using their brand to run online casinos. This form of impersonation would have a negative impact on the Gambling Company’s brand(s), and could result in significant financial losses. They knew they needed help to eliminate this problem, and they promptly signed up for our Anti-Phishing and Brand Abuse services.
When FraudWatch International first investigated this issue, we discovered that unauthorised parties had created hundreds of websites that were using the Gambling Company’s brand for monetary gain, by running online casinos. Some of the sites included mixed branding from their parent company as well.
This is a screenshot of a site that fraudulently used our client’s branding. To maintain the anonymity of our client the image has been edited of its original content.
Just like any other gambling website, users could sign up, purchase credits and gamble on a range of different games including: black jack, roulette, slot machines and a live casino. It wasn’t possible to tell who had setup these websites, but it was clear to see that the Gambling Company’s brand was being used without our client’s approval.
FraudWatch International analysed the pattern of the domains being used for the imitation websites, and this allowed us to locate all of the domains that had been registered.
To begin with, all of the domains were registered with a single host, which meant FraudWatch International could approach that host and notify them of the abuse that was taking place.
Trademark infringement is a widespread problem and is one that most hosts will actively act against. This meant it didn’t take long to have the first batch of domains suspended and the websites taken off-line. This then triggered a great cat and mouse battle. As the host removed the websites, the criminals behind the websites would setup new sites with different hosts. On each occasion FraudWatch International detected the change, and by speaking with the new host, would have the content removed.
As time went on, the group behind the websites, began to split the domains up across several different hosts in an attempt to make it harder for us to take them down. Using our knowledge of trademark infringement, years of experience and our relationships with hosting providers and authorities, FraudWatch International engaged with all hosts related to these websites. Not only were we able to have the content removed, we also managed to have the domains suspended; preventing the individuals from moving the websites to another host.
Once the site owners realised this wouldn’t work, they began to change the pattern of the domain names that they were using for the websites. However, by proactively monitoring newly registered domains we were able to locate the malicious domains as they were registered; allowing us to stay with the group as they changed tactic. FraudWatch International blocked hundreds of the websites impersonating our client’s brand, resulting in a reduction on the impact to the brand’s reputation and succeeding in stopping the fraudsters from making financial gains using our client’s brand.
The chart below shows how the brand abuse incidents reduced significantly in the two months after the Gambling Company signed up for FraudWatch International services, and then shows how they have stayed reasonably stable thereafter.
The Many Faces of Brand Abuse
The criminal group began to change the look and layout of their website, to try and prevent our systems from detecting the websites. This included changes in the coding languages used for the website by moving from PHP to Flash, in an attempt to prevent detection of code and text on the page. These measures proved futile and did not stop us from locating and having the content removed.
The site owners then tried to stop us from viewing the websites, by blocking our IP addresses in the hope that we would give up if we weren’t able to see the content. We were able to quickly overcome these tactics and continue our day-to-day monitoring and takedown processes.
By this time, several months had passed, and we had been through several different hosts, IPs and versions of the website. The number of domains being registered each time was getting smaller and smaller, and the newer versions of the website had different layouts including less and less of our client’s branding.
As time went on, the websites eventually changed their branding, so that it no longer included our client’s brand. They had finally realised that we would continue to have their websites taken offline if they persisted in using our client’s brand.
This is a screenshot of a site that fraudulently used our client’s branding. To maintain the anonymity of our client the image has been edited of its original content.
These days, there are only a small number of websites that are still using the Gambling Company’s branding. While we continue to consistently monitor for any fraudulent content through our Anti-Phishing and Brand Abuse services, there has been a significant decline in incidents and attacks. The struggle to keep their gambling websites online has successfully deterred criminals from targeting our client’s brand, as the return on investment for the criminals simply isn’t profitable.