Facebook Inc. is suing Arizona domain name registrar Namecheap as well as its proxy service Whoisguard due to the fact that the registrar was allowing people to register certain domain names that “deceive people by pretending to be affiliated with Facebook apps,” the company claimed in its blog post on Thursday.
Whoisguard currently registered 45 domain names (for example, instagrambusinesshelp.com, facebo0k-login.com, and whatsappdownload.site), all of which use Facebook’s trademarks, according to the post by Christen Dubois, Facebook’s director and associate general counsel of IP litigation. Notably, faked domains are predominantly used in cyber-attacks such as phishing.
“We regularly scan for domain names and apps that infringe our trademarks to protect people from abuse,” Dubois writes. “We sent notices to Whoisguard between October 2018 and February 2020, and despite their obligation to provide information about these infringing domain names, they declined to cooperate.”
A Namecheap spokesman acknowledged that the company takes fraud and allegations of user misleading “extremely seriously”and investigates reports of these cases. For example, as per the trademark claims, the company directs complainants to follow standard industry protocol, says Derek Musso, Namecheap head of PR and communications.
“Outside of said protocol, a legal court order is always required to provide private user information,” Musso says. “Facebook may be willing to tread all over their customers’ privacy on their own platform, and in this case, it appears they want other companies to do it for them, with their own customers. This is just another attack on privacy and due process in order to strong arm companies that have services like WhoisGuard, intended to protect millions of Internet users’ privacy.”
Since faked domain names are frequently used in phishing attacks, their main purpose is to deceive users into thinking a site is connected to a legitimate company. Indeed, Facebook filed a similar lawsuit in October against domain registrar OnlineNIC and its proxy service ID Shield for registering two dozen domain names that once again contained registered trademarks such as www-facebook-login.com and hackingfacebook.net, some of which were confirmed of being used for malicious activity.
Although in this previous instance, a San Francisco-based OnlineNIC was already accused of registering fake domain names. In 2008, Verizon won a $33.2 million lawsuit against OnlineNIC after the latter had registered 663 domains that infringed on Verizon’s copyright.
A lawsuit against OnlineNIC is still ongoing, as Facebook confirms. “Our goal is to create consequences for those who seek to do harm and we will continue to take legal action to protect people from domain name fraud and abuse,” Dubois wrote in Facebook’s post.