Your Name, Someone Else's Domain

As more top-level domain suffixes continue to be added to the ubiquitous .com-and as would-be cyber criminals become more creative-the potential for someone to impersonate a credit union online has become both cheap and easy.

For about $5, The Credit Union Journal could have purchased www.pentagonfederalcreditunion.org or www.navycreditunion. org. The same goes for www.boeingemployeescreditunion.com or www.thegolden1 cu.com.

When other extensions, such as .biz, .net, .info and .us were added to the mix, The Journal discovered it could acquire dozens of domain names that could easily be mistaken for a credit union's site. In some cases, The Journal could have registered these domains for free.

Cyber squatting is nothing new, and most of these would-be credit union sites are easily detected as a non-CU site and are nothing more than a nuisance. Typically, they are designed to be something of a financial services portal that directs consumers to a variety of products and services-some of them not even financial services related. They simply use the good credit union name to get people to "walk in the door," so to speak.

"We've got someone out there-we think he's in England-who is using the Pentagon Federal Credit Union name as a means of attracting people to his site," said Glenn McAdams, VP-security and support services with the Alexandria, Va.-based Pentagon FCU. "He's got books and other stuff for sale on his site. Who knows, maybe I'll go buy something from him. The problem is you could be selling a legitimate product, but you're using us to gain the consumer's confidence. But what we're finding is there's only so much you can do in terms of monitoring this type of activity or even going after someone when you find out about it."

Many of the lookalike sites are designed to reach people with credit problems, offering "credit cleaning" services and other credit services at exorbitant rates or fees. So, what does it take to protect the credit union's good name?

"We have 103 names registered," said Georgeann Reeve, manager notes information center and engineering at Navy Federal Credit Union. "It's a relatively small cost with the discount we're getting because of the number of names we registered. It's less than $10,000."

And it's $10,000 well spent, as far as the world's largest credit union is concerned. "It's all about branding and how important our brand is," Reeve explained. "It all goes back to five or six years ago before we had a web presence. We knew even then that it was important to protect our identity and eventually protect the website. We went through the different permutations of our name and how people think of us."

Navy FCU periodically checks the search engines to look for unauthorized links. "We're looking to make sure someone isn't trying to pull someone to their site by using our name," she noted. "Really, that's just about as bad as using our brand."

The key is to simulate the different ways a member might try to search for the credit union on the web. With 103 registered names to keep track of, Navy FCU relies on tools provided by its registrar to monitor when a given domain is about to expire so the CU can reregister it before a cyber-squatter can get a hold of it.

And as Reeve noted, sometimes it's not a question of a domain name being snagged-it can be a search engine "sponsored link" that causes problems.

Navy FCU discovered that www.nextag.com had purchased "sponsored links" on four major search engines: Google, Ask Jeeves, Teoma and AOL. When a consumer typed "Navy Federal Credit Union" into the search engine, a sponsored link would pop up that would take the consumer to the www.nextag.com website instead of Navy FCU's site.

In fact, in working with CUES to investigate the situation, it was discovered that the same sponsored link would pop up no matter what credit union name was typed in-it was simply taking the credit union's proper name and lowercasing letters that should have been capitalized to generate what looked like a link to the CU's website but was actually a link to nextag.com.

That's when CUNA's legal team got into the act and sent a cease-and-desist letter to the search engine. Not long after that, the "sponsored links" bearing credit unions' names vanished from the search engine.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER