UPDATED 21:02 EST / FEBRUARY 11 2021

SECURITY

Proofpoint sues Facebook over lookalike domain names used in security training

Cybersecurity firm Proofpoint Inc. has filed a lawsuit against Facebook Inc. to allow it to keep a number of domain names that imitate Facebook and Instagram used in security training programs.

The drama began in November when Facebook filed a Uniform Domain-Name Dispute-Resolution request with domain registrar Namecheap Inc. to gain control of several domain names that were mimicking Facebook and Instagram brands.

The domain names included facbook-login.com, facbook-login.net, instagrarn.ai, instagrarn.net and instagrarn.org. An arbitrator subsequently ruled on Jan. 25 that the lookalike domains should be transferred to Facebook within 10 days.

Facebook argues that the domain names are registered in bad faith and are confusingly similar to its brands. Proofpoint argues in its lawsuit filed Feb. 9, however, that the domain names are not confusing. It says the domain names were registered in good faith and for legitimate purposes, in this case, security and phishing training.

“Consumer confusion is unlikely because Proofpoint clearly states on the websites to which the domain names are pointed: ‘Hi! This web site belongs to Proofpoint Security Awareness Training. This domain is used to teach employees how to recognize and avoid phishing attacks,’” the lawsuit states.

“By using domain names similar to those of well-known companies, Proofpoint is able to execute a more effective training program because the workforce is more likely to learn to learn to distinguish typo-squatted domains, which are commonly abused by bad actors to trick workers, from legitimate domain names,” the lawsuit adds.

Although the idea of using misspelled or fake domain names for security testing on the surface seems to be a solid idea, some question whether Proofpoint taking legal action is the right way to deal with the issue at hand.

“I think, litigation over the issue is a very bad idea,” Ilia Kolochenko, founder and chief executive of web security company ImmuniWeb, told SiliconANGLE. “First, Proofpoint uses the domains in question for commercial activities, or at least to further its direct commercial interests and business. Second, Facebook still has the right to prevent trademark dilution: in the specific context, Facebook may successfully argue that leveraging their platform as a phishing example – may scare away existing or new users and otherwise damage Facebook’s reputation.”

Kolochenko added that he thinks Facebook has a good chance to prevail in court. “Eventually, this dispute being taken into a court may create a dangerous legal precedent that would hinder most of the legitimate anti-phishing exercises and training by cybersecurity companies,” he said. “The best solution would probably be to get contractual permission from Facebook to use its name for specific purposes and pay Facebook a fair consideration for this.”

Photo: Patrick Feller/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU