Although domain name disputes involving adult content are among the oldest types of cybersquatting schemes, it seems as if porn sites using someone else's trademarks are less common than in the past -- perhaps because cybersquatters have found more effective ways to monetize their domain names. Or perhaps because they've consistently lost domain name disputes where sex-related websites are involved. Despite this background and the recent trend, one UDRP case is notable: <badhellokitty.com>.

For the benefit of those who don't have young children, or weren't children themselves since the mid 1970s, "Hello Kitty" is a fictional character originally aimed at pre-adolescent girls whose image first appeared on a vinyl coin purse and now can be seen on everything from plush toys to diaper bags to dresses. The "Hello Kitty" brand is owned by a company called Sanrio, which says the character "loves to bake and she can make really delicious cookies."

The Los Angeles Times has described "Hello Kitty" as "a part of global popular culture" since 1974, and Wikipedia cites the Detroit Free Press for valuing the "Hello Kitty" brand at "about $7 billion a year."

Naturally, the character's value holds appeal for those who want to take advantage of it, regardless of their rights or the consequences of their actions.

Enter <badhellokitty.com>.

In a UDRP dispute filed by Sanrio, the panel said simply that the domain name was used by its registrant in connection with "adult oriented materials." A search of the Internet Archive's Wayback Machine (which UDRP panels often cite) shows that the domain name was previously used to promote a woman who describes herself as Mistress Kitty -- "a Fetish Professional" who specializes in such things as "Sensual Bondage" and whose "greatest joy" is in "helping someone realize their deepest, darkest fantasies."

(Interestingly, a photograph of Mistress Kitty shows her with a patch of pink across the front of her blonde hair -- similar to the pink ribbon that the Hello Kitty character always displays across her white head.)

The website using the <badhellokitty.com> domain name included photographs of Mistress Kitty performing some of her services with a nude man. Another page lists Mistress Kitty's fees, starting at $250 per hour.

Regardless of what anyone may think of Mistress Kitty, her services or the photos on her website, one thing is without question: The content is not suitable for children. And the UDRP panel readily agreed, entering an order with minimal discussion that the domain name should be transferred to Sanrio (which, presumably, will maintain the domain name registration but disassociate it from any website).

Of course, not all sex-related cybersquatting takes advantage of popular children's brands. But frequently, using a domain name that contains someone else's trademark in connection with adult-related content is not something that domain name panelists look upon favorably.

As one UDRP panel wrote many years ago, in a dispute against the popular cybersquatter John Zuccarini:

Respondent’s acts of typo-squatting and redirecting the Domain Name to pornographic websites do not qualify as a bona fide offering of goods or services.... Bad faith is further evidenced by Respondent’s use of the Domain Name to forward Internet browsers to websites featuring pornographic material.

The <badhellokitty.com> case is just one of the latest examples of cybersquatting and adult-related content. It also makes clear that anyone -- any trademark owner -- can be targeted by cybersquatters without regard to the impact on consumers.

Click above for a replay of the GigaLaw webinar, "Cybersquatting and Banking: How the Financial Services Industry Can Protect Itself Online." The webinar was presented live on May 11, 2016. In this free webinar, Doug Isenberg of GigaLaw and Craig Schwartz of fTLD Registry Services provide important information about how domain name fraud is affecting the financial services industries, including banking and insurance, and what businesses and consumers can do to protect themselves online. While some new top-level domains (such as fTLD’s .BANK and .INSURANCE) provide protection for trademark owners, the availability of nearly 1,000 new TLDs is also creating new opportunities for cybersquatters.

As recent news reports indicate, online banking scams are leading to multi-million-dollar losses, so the need has never been greater to safeguard the future of conducting financial transactions on the Internet.

This webinar will explain how trademark owners in the financial services industry (and other frequently targeted business sectors) — as well as anyone who interacts with these industries online — can proactively protect themselves against cybersquatting and use important rights protection mechanisms such as the Uniform Domain Name Dispute Resolution Policy (UDRP) and the Uniform Rapid Suspension System (URS) to respond to online attacks.

Playing time is approximately one hour.

Related blog posts:

• The Growing Threat of Cybersquatting in the Banking and Finance Sector
• The Hope and Threats of New Domain Names for the Financial Services Sector
• Old Cybersquatting Tactic is New Again: A Case Study from the Banking Industry

Many trademark owners are continuing to fall for one of the oldest tricks in the cybersquatter's handbook: Failing to register a domain name that contains "www" as its first three characters. To be clear, I'm referring to a second-level domain that includes "www" in it -- not a web address (or URL) that uses "www" at the beginning as a third-level domain.

For example:

• In the URL www.bankofamerica.com, the relevant (second-level) domain name -- that is, the portion that is (or, rather, was) available for registration to anyone -- is simply "bankofamerica".
• In the URL wwwbankofamerica.com (without a dot between "www" and "bankofamerica"), the relevant (second-level) domain name is actually "wwwbankofamerica".

The difference in the above two examples is that the second one ("wwwbankofamerica.com") includes the characters "www" as a part of the domain itself. And, as a panel under the Uniform Domain Name Dispute Resolution Policy (UDRP) wrote in one of the earliest decisions addressing this type of activity, <wwwbankofamerica.com> "takes advantage of a typing error (eliminating the period between the www and the domain name) that users commonly make when searching on the Internet."

Since Internet users commonly, and unintentionally, "drop the dot," they end up at a website that may be unrelated to the website they were seeking. In the nearly 16-year-old Bank of America case, the domain name registrant "transport[ed] users to a website that [wa]s designed to derive revenue and profits from the banner ads and other commercial content," according to the UDRP decision.

Despite the age of the Bank of America UDRP decision, cybersquatters are still registering domain names that contain an unnecessary and misleading "www" -- because trademark owners still forget to register those variations of their trademarks as domain names. Recent UDRP decisions include those involving the following domain names:

• <wwwcalbanktrust.com>
• <wwwlegoworlds.com>
• <wwwnetbet.com>
• <wwwallianzworldwidecare.com>
• <wwwthehartford.com>
• <wwwcarrefour.com>
• <wwwfurla.com>
• <wwwathenahealth.com>
• <wwwmicrosoftword.com>
• <wwwchoicehotels.com>

In an variation on the same theme, some cybersquatters register domain names containing "www-" at the beginning (to catch Internet users who mistype a dash instead of a dot). Recent UDRP decisions in that scheme include those involving the following domain names:

• <www-lendingtree.com>
• <www-youtubeaccelerator.com>
• <www-capitalonebank.com>
• <www-exness.com>

In all of the UDRP decisions for the domain names listed above, the trademark owners prevailed, obtaining orders transferring the domain names away from the cybersquatters. But, in some (if not all) cases, not before damage was done. In the Choice Hotels case, for example, the trademark owner alleged that the domain name "resolve[d] to either third-party websites offering competing hotel reservation services or sites comprised of pay-per-click links to competing hotel reservation services," according to the UDRP decision, apparently resulting in lost business. Similarly, in the Capital One case, the domain name directed Internet users to "competing services."

UDRP panels typically have no reluctance to find such "www" domain names confusingly similar to the relevant trademarks. In the Carrefour case, for example, the panel wrote: "The similarity between the mark and the disputed domain name is obvious and does not require elaboration."

In addition, UDRP panels often find inclusion of "www" in a domain name containing a third party's trademark to constitute evidence of bad faith, in and of itself. Such a practice "is an obvious case of typosquatting," as the panel in the Furla case said.

In other words, these "www" domain names are typically strong UDRP cases for trademark owners, even if some of them could have been avoided in the first place by strategic domain name registrations.

A just-launched ICANN "working group" (of which I am a member) will -- eventually -- help to determine the future of the Uniform Domain Name Dispute Resolution Policy (UDRP), the 17-year-old domain name arbitration system that has been embraced by trademark owners and criticized by some domainers; as well as the Uniform Rapid Suspension System (URS), the new (and limited) arbitration process that applies to the new gTLDs. The Policy Development Process Working Group has been chartered by ICANN's Generic Names Supporting Organization (GNSO) Council to review the rights-protection mechanisms (RPMs) that have been developed for all generic top-level domain names (gTLDs). Despite the numerous acronyms necessary to describe the group, the charter is relatively straightforward and includes two phases:

• Phase One will focus on "a review of all the RPMs that were developed for the New gTLD Program" -- including "the Uniform Rapid Suspension System (URS); the Trademark Clearinghouse (TMCH) and the associated availability through the TMCH of Sunrise periods and the Trademark Claims notification service; and the Post-Delegation Dispute Resolution Procedures (PDDRPs)."
• Phase Two will focus on "a review of the UDRP" -- which the charter notes "has not been subject to comprehensive review."

The list of potential questions the group will address include important issues, such as:

• Should UDRP complaints be subject to a statute of limitations?
• Are domain name registrants' free speech rights adequately protected under the UDRP?
• Should the UDRP's requirement that a domain name be "registered and is being used in bad faith" be changed to registration or use in bad faith, as under some other domain name dispute policies?
• Should UDRP panels be able to award monetary damages?
• Should default judgments be available if a domain name registrant fails to file a response?
• Should complainants face penalties for "reverse domain name hijacking" -- that is, when the UDRP has been used in bad faith?
• Should the URS allow for a "perpetual block" of a domain name, not just a temporary suspension?

And these are just a few of the nearly 100 "potential issues for consideration" listed in the group's charter.

Given its large (and, in many cases, surely controversial) agenda -- and, in any event, like all ICANN activities -- this RPM working group likely will take a long time before issuing its reports; one of the group's anticipated three co-chairs suggested during the first phone call that it would probably be "late 2017" before Phase One is complete -- and even that timing could be optimistic. Plus, any resulting recommendations ultimately must be approved by the ICANN board, as set forth in the GNSO Policy Development Process (PDP) .

As a result, although it's impossible to know what the RPM working group will decide on any of the topics on its plate, it's safe to say that no changes to the UDRP or the URS are imminent.

Fact: A company called Rocketgate PR LLC, which owns a U.S. registration for the trademark ROCKETPAY, filed two UDRP complaints on the same date against two different domain name registrants -- for the domain names <rocketpay.com> and <rocketpays.com>. (The only difference is that the latter domain name is plural.) In both cases, the disputed domain names were associated with inactive websites. The UDRP cases were assigned to two different panelists, who issued their decisions one day apart.

Surprise: Rocketgate won one of the UDRP cases and lost the other one. And, no, the singular v. plural domain names had nothing to do with the different outcomes.

While critics are quick to blame UDRP panelists for inconsistent decisions, the Rocketgate cases are easily distinguishable. And, they provide a good reminder about a fundamental requirement of the UDRP as well as the need to submit complaints that are well-argued (at least, where the facts make such arguments appropriate).

So, why did Rocketgate receive a split decision in these cases? The answer, actually, is very simple.

Registration Dates Matter

In both cases, the panels found that Rocketgate prevailed on the first of the three UDRP elements, that is, that the disputed domain names were identical or confusingly similar to a trademark in which Rocketgate held rights. As the panel in the <rocketpays.com> decision wrote, the additional letter "s" (which does not appear in the ROCKETPAY trademark owned by Rocketgate) was irrelevant, noting that "such a minor spelling alteration" cannot "negate a finding of confusing similarity which is otherwise present as it is in this case."

However, in the <rocketpay.com> case, which Rocketgate lost, the panel found that Rocketgate failed on the second element of the UDRP, which requires a complainant to establish that the respondent has "no rights or legitimate interests in respect of the domain name" -- because the domain name was registered in 2002, more than 12 years before Rocketgate began using the ROCKETPAY trademark.

Indeed, as the <rocketpay.com> decision reports, the respondent argued that "unless he was a 'psychic', he could not have registered a domain name to tarnish a trademark filed 12 years later."

This is consistent with the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Second Edition, which addresses the question of whether a domain name registrant acts in bad faith (the third UDRP element) if it registers a disputed domain name before the complainant's trademark rights arose:

Generally speaking, although a trademark can form a basis for a UDRP action under the first element irrespective of its date..., when a domain name is registered by the respondent before the complainant's relied-upon trademark right is shown to have been first established (whether on a registered or unregistered basis), the registration of the domain name would not have been in bad faith because the registrant could not have contemplated the complainant's then non-existent right.

In the other Rockegate UDRP decision (for <rocketpays.com>, which Rocketgate won), the domain name was registered much more recently -- eight days after Rocketgate established trademark rights in the ROCKETPAY trademark, according to the decision. In that case, the panel found the timing of the domain name registration significant and indicative of "opportunistic bad faith." The panel said, "it can scarcely be a coincidence that Complainant began using the ROCKETPAY mark on October 1, 2014 and Respondent registered the domain name on October 9, 2014."

Two Important Lessons

The Rocketgate decisions provide important lessons about domain name disputes under the UDRP.

First, the facts of every case are always important. Just because a domain name is identical to a trademark does not mean that the trademark owner will prevail. As the Rocketgate decisions make clear, this is only one of three equally significant tests under the UDRP, and the trademark owner must win on all three elements to win the dispute.

Second, both of the Rocketgate decisions provide important reminders that every UDRP case must be supported by appropriate facts and legal arguments. Even in the case that Rocketgate won, the panel criticized Rocketgate for its weak complaint, at one point noting that "Complainant has not provided evidence of this allegation" and at another point admonishing Rocketgate that "parties and their advisers are reminded that they should adduce evidence of all allegations made."

Perhaps the real surprise in this pair of cases is not that Rockegate lost one of them, but that Rocketgate won one of them. The split decisions should encourage trademark owners to pick their cases carefully -- and then argue and support them forcefully.

In the early days of domain name disputes (that is, the mid-1990s), cybersquatters targeted trademark owners by registering exact trademarks in the .com top-level domain (TLD) -- often, because a trademark owner had not yet heard (or appreciated the potential) of the Internet. A writer for Wired magazine famously registered <mcdonalds.com> and, in an article in October 1994, wrote about how he struggled to educate the fast-food chain about domain names. "It's easy to find an unused domain name, and so far, there are no rules that would prohibit you from owning a bitchin' corporate name, trademarked or not," Joshua Quittner wrote almost 22 years ago, before most of the public really knew about domain names.

Indeed, many of the early decisions under the Uniform Domain Name Dispute Resolution Policy (UDRP) involved so-called exact-matches of well-known trademarks: <christiandior.com>, <encyclopediabrittanica.com>, <general-electric.com>, <baileysirishcream.com>, <hamburgerhamlet.com>, <stanleybostitch.com>, <greenbaypackers.com>, <southerncompany.com> and many, many more.

The Evolution of Cybersquatting

But then, as trademark owners woke up to the Internet, they proactively registered their primary trademarks as domain names if they were still available. Or, they used the UDRP or the courts to wrestle them away from cyberquatters. And, then even tried to get a step or two ahead of the cybersquatters by registering in less-popular TLDs such as .net and .org.

As a result, cybersquatting evolved. Exact-matches became less popular, and "typosquatting" -- that is, the registration of a domain name that contains a typographical variation of a trademark, such as <plaboy.com> and <wallstreetjouranl.com> -- took off. Cybersquatters also began to register domain names that contained words in addition to a trademark (such as <lexuschicago.com> and <gayebay.com>). None of these changes eliminated cybersquatting (indeed, the number of UDRP complaints continues to rise), they just changed the landscape.

Now, the arrival of hundreds of new TLDs is making the old form of cybersquatting new again.

The Case of comerica.mortgage

For example, Comerica Bank, which uses the <comerica.com> domain name (created September 1995) recently filed a UDRP complaint for the domain name <comerica.mortgage>.

According to the UDRP decision, Comerica is one of the 35 largest U.S. financial and bank holding companies, with more than $71 billion in assets with offices in Canada and Mexico, in addition to the United States. It began using the COMERICA trademark in 1982 and owns numerous United States registrations for the mark. In addition to using the <comerica.com> domain name, Comerica also wisely registered <comerica.net> and <comerica.org> (both created February 1998).

Despite its size and apparent Internet savvy, Comerica did not register <comerica.mortgage> when the .mortgage TLD was launched in 2014. While it's unclear why Comerica chose to pass on this domain name, someone else registered it and, according to the UDRP decision, "offered to sell the disputed domain name to [Comerica] at a price higher than what he paid for it" and also "redirect[ed] [it] to a website where Respondent offers other domain name names for sale."

Fortunately for Comerica, the UDRP panel had no problem finding that the bank satisfied all three elements of the domain name dispute policy, that is:

• The domain name <comerica.mortgage> is confusingly similar to the COMERICA trademark. Indeed, the panel wrote that "the addition of the '.mortgage' gTLD serves to enhance the likelihood of confusion because it references the field in which Complainant operates." (As I've written before, the TLD has increasingly become an important factor in some UDRP disputes. See, "When is the Top-Level Domain (TLD) Relevant in a Domain Name Dispute?")
• The registrant of the <comerica.mortgage> domain name had no rights or legitimate interests in it because Comerica "ha[d] not licensed or otherwise permitted Respondent to use the COMERICA Mark, and... there is no evidence that Respondent has been commonly known by the disputed domain name. Further, the Panel finds that Respondent’s use of the disputed domain name to redirect to a website which Respondent is using to sell other domain names is not a bona fide use."
• The <comerica.mortgage> domain name was registered and used in bad faith because, among other things, the .mortgage TLD "references [Comerica's] business" and the registrant "intentionally attracts Internet uses to Respondent’s own website by creating a likelihood of confusion with Complainant’s mark, and he commercially benefits from this confusion by offering domain names for sale at this website."

As a result, the UDRP panel ordered transfer of the <comerica.mortgage> domain name to Comerica, and Comerica now simply redirects it to its existing website at www.comerica.com.

Interestingly, however, Comerica does not control the exact-match of its trademark in other new TLDs, such as .money, .fund or .financial. Although these domain names have not been registered by Comerica, they also haven't been registered by anyone else -- which means that Comerica may find itself filing additional UDRP complaints in the future. Indeed, in addition to <comerica.mortgage>, Comerica also already has filed (and won) a UDRP complaint for <comerica.xyz>. (Although the .xyz TLD does not necessarily relate to the banking and financial services industry, it has proven to be one of the more popular new TLDs.)

What to Do

As the Comerica decisions make clear, cybersquatters are finding new opportunities in the new TLDs. And, Comerica is certainly not alone, as other trademark owners -- not only in the banking and financial services sector, but in virtually all industries -- need to pay renewed attention to how domain names affect their brands.

It['s still early in the launch of new TLDs, but cybersquatters often stay one step ahead of trademark owners. So, for those companies that fail to register their trademarks in the new TLDs and later find problems, the UDRP -- and, to some extent, the Uniform Rapid Suspension System (URS) -- should prove to be very helpful.

If a website uses a domain name containing the word "bank," is it really a bank? The answer may be as puzzling as the ancient thought-provoking philosophical question, "If a tree falls in a forest and no one is around to hear it, does it make a sound?" With the rising problems that banks and other financial institutions are facing online, the question is becoming increasingly important.

Fortunately, there's a (relatively) short answer to the bank domain name question. Unfortunately, it's like the answer to many legal questions: It depends.

It depends where in the domain name the word "bank" appears:

• If the word "bank" is a part of the second-level portion of the domain name, such as <bankofamerica.com>, then the corresponding website may or may not be for a real bank. (To be clear, the domain name I just cited as an example is indeed used by Bank of America -- a real bank.) That's because second-level domain name registrations in most top-level domain names (such as .com) are not restricted. In other words, anyone can register a second-level domain containing the word "bank" in the .com top-level domain.

• On the other hand, if the word "bank" is actually the top-level domain (TLD) -- that is, .bank -- then the domain name must be associated with a website for an actual bank or related entity. That's because the .bank TLD, operated by fTLD Registry Services (which also operates .insurance), is restricted. Specifically, fTLD's Registrant Eligibility Policy for .bank states that .bank domains are available only for "[s]tate, regional and provincial banks that are chartered and supervised by a government regulatory authority," or certain other qualified banks or bank-related entities.

The distinction is an important one.

That's because many domain names with the word "bank" in the second level are not registered by banks and, instead, have been used to conduct various scams. For example, the domain name <capitallbank.com> was used by a cybersquatter (not by Capital Bank) to "conduct a phishing scheme designed to obtain sensitive personal and financial information" from Capital Bank's customers.  Other domain names, such as <amgybank.com> and <td-bank-support.com>, have been used by cybersquatters to provide banking-related links that were not necessarily associated with the obvious trademark owners (that is, Amegy Bank and The Toronto-Dominion Bank).

Fortunately, all of the domain names in the preceding paragraph, which were once registered by cybersquatters, were transferred to the real banks through proceedings under the Uniform Domain Name Dispute Resolution Policy (UDRP).

Real banks apparently are finding the .bank TLD attractive. For example, Badger Bank in Wisconsin is now using the domain name <badgerbank.bank> because " banking staff knew that instituting a .BANK domain name would help solidify its strategic plan of focusing on cybersecurity measures to better serve its customers."

But, not all of the new gTLDs are restricted, including many of those that might be attractive to banks or other financial service providers. For example, .creditunion is intended for use only by "organizations that have a nexus with the credit union sector." But .creditcard is unrestricted.

Given the long list of new gTLDs that are associated with the banking and financial services industries -- such as .accountant, .broker, .financial, .fund, .markets, .money, mortgage, .netbank and .trading (just to name some!) -- the potential for confusion (by both trademark owners and their customers) is apparent.

Additionally, many of the hundreds of other new gTLDs that have nothing to do with the financial services sector are being used by cybersquatters. For example, banks already have filed and won UDRP complaints for the domain names <dollarbankloancenter.xyz>, <citibank.porn>, <hancockbank.online> and <tdbank.email>.

Thus, it is apparent that the new gTLDs are providing both opportunities and significant new risks for banks and other financial service providers. As a result, these organizations must become even more vigilant in policing domain names that violate their trademarks , to protect their customers as well as the future of their ability to safely conduct business online.

The apparent cyber heist of of $81 million from the Bangladesh central bank's U.S. account may cause some people to question the security of online banking. While the online theft prompted SWIFT -- a cooperative owned by 3,000 financial institutions around the world -- to make sure banks are following recommended security practices, the incident also could have ramifications for banking customers worldwide. Indeed, the Bangladesh online banking break-in comes just as the World Intellectual Property Organization (WIPO) identified the banking and finance industry as the second-most-popular sector to file cybersquatting complaints in 2015. Nine percent of all domain name disputes at WIPO last year were filed by bank and finance owners, second only to the fashion industry.

WIPO identified the following banking and finance entities as among the most active pursuers of cybersquatters: Banco Bradesco, Bank of Scotland, Bloomberg Finance, Comercia Bank, Intesa Sanpaolo, Lloyds, Saxo Bank and Sydbank.

At the Forum, the second most-active provider of domain name dispute services, the list of banks that filed domain name disputes in 2015 is more U.S.-centric, including complaints by American Express, Bank of America, Barclays, Discover Financial Services, OneWest Bank, Regions, TD Bank and Wells Fargo.

Using UDRP and URS to Fight Cybersquatters

While most of these cases were filed under the Uniform Domain Name Dispute Resolution Policy (UDRP), companies from the banking and financial services industries also are taking advantage of the new Uniform Rapid Suspension System (URS) to tackle registrations in the new generic top-level domains (gTLDs), such as .club, .guru, .services, .top, .wiki and .xyz. Morgan Stanley, Principal Financial Services and PayPal have all used the URS to their advantage.

In many cases, the domain name disputes initiated by banks involve phishing scams, that is, where the cybersquatter tries to trick a customer into providing his or her account information. For example:

• In one Wells Fargo case, involving the domain name <welilsfargo.com>, the UDRP panelist found that the registrant of the domain name was "seeking to deceive Internet users by providing a web site containing a near identical copy of [Wells Fargo's] web site and seeking to fraudulently obtain personal information from Internet users through a phishing scam."

• Similarly, in a UDRP case for <lloydsprivatecommercialfinance.com>, Lloyds Bank said that "[t]he disputed domain name is used to host a website appearing to offer financial services, but there is no proof there of any delivery of such services, nor any mention of any official authorization, as would be mandatory. The Respondent appears intent on making unjustified profits or defrauding consumers to reveal personal or proprietary information."

Phishing, Crimeware and Education

These banking-related cybersquatting cases are consistent with a general increase in phishing scams overall: The non-profit Anti-Phishing Working Group (APWG) reported that the financial services industry was the second-most-targeted industry sector in the fourth quarter of 2015 (behind only the retail/service sector). The APWG also notes that access to financial-based websites is the most common target for "crimeware" attacks, which it defines as "data-stealing malicious code designed specifically to be used to victimize financial institutions' customers and to co-opt those institutions' identities."

Although online banking is now commonplace, some customers continue to fall for some scams. Indeed, the Federal Trade Commission warns consumers that they should never click on links in email messages requesting financial information. And individual banks send similar messages. For example, Bank of America cautions their customers about the common "phony email ask[ing] you to go to a website that looks like a Bank of America site, but is actually a site the criminal has set up asking you to provide your personal account information."

Despite these warnings, phishing and crimeware attacks targeting the banking and finance sector are not likely to disappear anytime soon, as the reports from WIPO and the APWG make clear. While banks and financial service providers should continue to educate customers, tackling cybersquatters through the UDRP and URS remain important -- and very effective -- tools to ensure that online banking remains safe.

As a longtime member of ICANN's Intellectual Property Constituency (IPC), I’m impressed by the important work that this group does on behalf of trademark owners worldwide (as I've written before). While some die-hard IPC members spend countless (and, often, thankless) hours working virtually and in-person (at ICANN's global meetings) for the constituency, I find it very educational and worthwhile to participate on an ad-hoc basis. Thanks to active email discussion lists and remote participation technology, the IPC offers numerous opportunities to get engaged with important issues affecting, primarily, the intersection of trademarks and domain names.

For example, at the recent ICANN meeting in Marrakech, Morocco, the Generic Names Supporting Organization Council (a part of ICANN's policy development entity) approved a working group to review all rights protection mechanisms in the generic top-level domains (gTLDs), an area that is of obvious importance to IPC members, who will certainly contribute greatly to its work.

Still, despite all of the the IPC's significance, I often find that many people are simply unaware of what this constituency is -- or, at least, what it does and who drives it. Fortunately, the IPC recently published an updated "one-pager" (well, it's really a 2-page PDF document) about itself, which provides some great introductory information.

Among other things, the document makes clear that the IPC is "primarily focused on trademark, copyright and related intellectual property rights, and their effect on and interaction with the domain name system (DNS)."

The IPC's "key" issues, as described in the document, are as follows:

• WHOIS/registration directory services, including WHOIS accuracy, availability of WHOIS information, translation and transliteration of WHOIS information, privacy and proxy services, and advancements in “next generation” registration directory services.
• Reviews of ICANN’s New gTLD Program including competition, consumer trust and consumer choice, and planning for subsequent rounds.
• Reviews of rights protection mechanisms (RPMs) for the New gTLD Program and for “legacy” gTLDs, including the Uniform Rapid Suspension System (URS), the Trademark Clearinghouse (TMCH), and the Uniform Domain-Name Dispute-Resolution Policy (UDRP).
• Internet governance, including the IANA Stewardship Transition and the associated process to enhance ICANN accountability.
• Issues related to geographical indications and other geographic terms.
• Abuses and concerns related to the New gTLD Program, both overall and with specific registries and new gTLDs.
• Strong, consistent enforcement of ICANN’s contracts with registries and registrars, especially new provisions regarding the protection of intellectual property rights.

I recommend the IPC one-pager for anyone interested in learning more about these issues, including those who might want to join the constituency and further contribute to the protection of intellectual property on the Internet.