How Businesses Can Fight Back Against Spoofing

By Wayne Xu

A version of this blog post was published as a column in The Daily Record.

Businesses are often the unintended victims of scams, including advanced fee scams and fake domain name scams, many of which involve the misappropriation or “spoofing” of a legitimate business’s identity and reputation to entice victims. Business reputations and goodwill can be irreparably harmed as a result.

Many well-known companies, such as Disney, Netflix, and FedEx have been spoofed, but scammers also spoof countless smaller businesses. In some instances, the victim may erroneously believe that the legitimate business was behind the scam. Here’s what businesses can do to stop scammers from spoofing their identities.

How the scams work

Advanced fee scams come in different forms, including the infamous “Nigerian prince scam.” Although the narratives vary, they all trade on a legitimate business’s good reputation to convince the victim to send money to the scammer. Using email, social media, or other means, the scammer entices the victim to deposit a genuine-looking but absolutely fake check from the scammer. Many of these counterfeit checks appear to originate from legitimate businesses.

Once deposited, “funds” from the fake check may immediately appear ready for withdrawal. The scammer, usually mimicking a business’s identity, then coerces the victim to wire or otherwise return a portion of those deposited “funds” as part of a reimbursement for overpayment, transaction fee, or some other payment that plausibly flows from the narrative. But when the victim’s bank recognizes the check was a fake, the fake check bounces, and the victim is conned out of the money that was wired to the scammer.

In the fake domain name scam, scammers register a website address (domain name) that closely resembles a legitimate company’s domain name (using “.org” instead of “.com,” for example). Then, the scammer mimics the legitimate business’s documents, letterhead or email address in order to con third parties. Suppliers may be conned into sending products to the scammer that will then be invoiced to the legitimate business, and customers may be conned into purchasing non-existing products.

The response

It is impossible to prevent a scammer from spoofing your business. Businesses should be vigilant, however, and can find out when it happens. Many of these scams originate on the internet, so a business should periodically search online and social media venues for websites and posts that are masquerading as originating from the business or its employees.

If a business has been spoofed, it should first consider alerting potential victims, such as suppliers and customers. It should then act quickly to disincentivize the scammer from further misappropriation of its name and reputation. Scammers are creatures of anonymity and pseudonyms; if they realize that basing their scam on a particular business is likely to expose their identities, it is not worth their risk, and they may stop – or at the very least, work their scam using a different business.

The business should also file complaints with the FBI’s Internet Crime Complaint Center (IC3) and the Federal Trade Commission (FTC). Although contacting local police is an option, these scams often originate from a different state or another country. IC3 will review the complaint and forward it to the appropriate international, federal, state, or local agency. The IC3 complaint form is found at ic3.gov/complaint. The FTC’s Complaint is found at ftccomplaintassistant.gov.

Identifying the scammers in complaints to IC3 or FTC also increases the chances of shutting down the scam. With advance fee scams, the scammer may send to the victim an actual address or bank routing number to which the victim is instructed to deposit funds. The addresses or routing numbers may be stolen or operated under pseudonyms, but this information should be forwarded to the authorities.

Identifying the scammer behind fake domain names is particularly challenging. All domain names, including “fake” ones, are registered with registrars such as godaddy.com and networksolutions.com. Begin at whois.icann.org, a webpage that will reveal the contact information of the registrant and registrar of any domain name. The scammer will likely have used a private company to register the domain name so its identity will be hidden. However, the registrar’s contact information should be visible. Registrars’ user policies prohibit use of domain names to propagate scams.

Spoofed businesses should inform the registrar of the “fake” domain name and violation of the registrar’s policy. The registrar should then investigate the claim and shut down the “fake” domain name. Investigation by the registrar may even lead to the registrant’s identity. Coordinating dialogue between the registrar and the police could be beneficial at that point.

An attorney’s role

Retaining an attorney with experience responding to these scams could be helpful. An attorney can conduct additional research or file a “John Doe lawsuit,” which enables the spoofed business to serve discovery subpoenas on third parties (banks, landlords, social media venues, web hosting companies, for example) who may possess information regarding the scammer. Additional investigation could peel away at the layers of fake or stolen identities and lead to identification of the actual scammer. Once identified, a cease-and-desist letter referencing the federal laws being violated, such as mail fraud, wire fraud, and bank fraud, could be sent to the scammer, with a copy to the relevant authorities.

Conclusion

A business should always respond to being spoofed. Doing nothing sends a message to the scammers that they are free to continue trading on the business’s good name. Stopping scammers from spoofing a business’s goodwill and reputation is not easy or quick and requires persistent effort. This effort and associated costs, however, may pale in comparison to a business’s lost opportunities, customers, and goodwill should the scammers be allowed to continue unabated.