Facebook is suing Arizona domain name registrar Namecheap and its proxy service Whoisguard for allowing people to register domain names that “deceive people by pretending to be affiliated with Facebook apps,” the company said in a blog post on Thursday.
Whoisguard registered 45 domain names — including instagrambusinesshelp.com, facebo0k-login.com, and whatsappdownload.site — that infringe on Facebook’s trademarks, according to the post by Christen Dubois, Facebook’s director and associate general counsel of IP litigation.
Faked domains are often used in phishing attacks
“We regularly scan for domain names and apps that infringe our trademarks to protect people from abuse,” Dubois writes. “We sent notices to Whoisguard between October 2018 and February 2020, and despite their obligation to provide information about these infringing domain names, they declined to cooperate.”
A Namecheap spokesman said in an emailed statement to The Verge that the company takes fraud and abuse allegations “extremely seriously” and investigates reports of abuse. In instances of trademark claims, the company directs complainants to follow standard industry protocol, says Derek Musso, Namecheap head of PR and communications.
“Outside of said protocol, a legal court order is always required to provide private user information,” Musso says. “Facebook may be willing to tread all over their customers’ privacy on their own platform, and in this case it appears they want other companies to do it for them, with their own customers. This is just another attack on privacy and due process in order to strong arm companies that have services like WhoisGuard, intended to protect millions of Internet users’ privacy.”
Faked domain names are frequently used in phishing attacks to trick users into thinking a site is connected to a legitimate company. Facebook filed a similar lawsuit in October against domain registrar OnlineNIC and its proxy service ID Shield for registering nearly two dozen domain names, including www-facebook-login.com and hackingfacebook.net, some of which were being used for malicious activity.
It was not the first time San Francisco-based OnlineNIC was accused of registering fake domain names. In 2008, Verizon won a $33.2 million lawsuit against OnlineNIC, claiming it had registered 663 domains that infringed on Verizon’s copyright.
Facebook’s suit against OnlineNIC is still ongoing, the company says. “Our goal is to create consequences for those who seek to do harm and we will continue to take legal action to protect people from domain name fraud and abuse,” Dubois wrote in Facebook’s post.
Update March 5th, 6:10 PM ET: Added comment from Namecheap spokesperson.