Tuesday, February 08, 2011

WARNING: Scammers could be trying to Hi Jack your law firms website and brand - A salutary tale

As a medium sized law firm in a hugely competitive field we have learned how to market ourselves on the internet extremely effectively. We are, in my not so humble opinion, ahead of the game.

Our web tentacles spread far and wide. We market on blogs, on niche websites and spend good amounts of dosh on search engine optimisation (seo: Google it, you'll be amazed how much you are missing out on!). We also use pay per click rather successfully and were very early ppc adopters starting in 2002 - how may law firms do you know who can say that..? 

Just reading that back you would think that we have every reason to be rather pleased with ourselves... you'd be right...we are.

This week however we had a rude awakening and if this can happen to sharp suited web hungry geezers like us - then it can almost certainly happen to you or your law firm.

Someone had hi-jacked our brand name and had created a website to mirror (not "scrape" but closely mirror) our own. It transpired that a Nigerian outfit had knocked up a site using our firms name in the url domain, they slapped a very poor grade copy of our logo image on there and effectively were masquerading as our firm. We received a tip off from an anonymous person who we suspect was either a disgruntled member of the scamming squad or more than likely someone who had fallen victim to a ruse backed by the site.

A little bit of research identified that the scam site contact address was the same  as the First Bank of Nigeria in London, a palatial pile - clearly bogus. The phone number routed to a voice mail and the enquiry form was broken which meant it was therefore unusable. 

Disppointingly, Google had ranked this site on page 3 for OUR brand name. Despite the site having no incoming links, not being registered in the UK and having no relevant content beyond a few rambling phrases. We had no idea how the site was being used but there can be no doubt it was doing our firm a lot of harm by being visible and purporting to be connected to our business.

Now as Ive already stated, we are no mugs when it comes to all things internet and we took less than 24 hours to get the site pulled from the web. However it did shake us a little and we were shocked by the lack of support and guidance available to firms in this situation. The Law Society and SRA were not particularly helpful Im afraid to say.

So here is a summary of the steps we took to pull the site and remove the threat to our business:

1) Firstly we checked the WHOIS of the site to determine who owned it and when it was first registered

2) We then checked the source code of the site to see if any trace of an identity had been left within the code - such as a company footprint, web design team, template ID or web link to another organisation. We found zip as it happens.

3) We searched Google/Yahoo/Bing to find out how deep the site had been indexed and whether there was any real threat to our brand name and reputation. This site was actually ranking for some of our branded terms. Not good.

4) We found out through the WHOIS that the site was hosted by a slightly dodgy looking firm in, of all places, Vietnam. This did not fill us with confidence - however we sent an email to the hosting company (there was no phone number) notifying them of the scam site and threat to our business. We politely suggested they take the site down whilst investigations continued - note: we did not make any threats, the email was forensic and well balanced. Any reasonable person would view it as such. We figured there was no point in blustering legal profanities at them - you could hardly play UK law games with a business operating from a bedroom in Hanoi.

5) We contacted Nominet who control the register for UK domain names. They were not helpful Im sorry to say. Crucially though, we took steps to escalate a complaint about the extremely apathetic response we received and we had a manager on the phone before long who assured us some action would be taken to pull the site - but not for 30 days. This is the standard time-frame they allow for site owners to respond to  any allegations. Nominets response was in the end pretty good - but we had to push and push hard to get anywhere. (You can reach their dispute team on tel: 01865 332211)

6) We spoke to the Law Society & SRA who were politely ineffective despite telling us this was a common occurrence. If it is a common occurrence - why is there no firm action plan to help law firms in this situation??

7) We could have written to the main search engines - Google in particular take scam sites seriously and would pull the site from their index if we persuaded them of the dangers. You can lodge such a request here 

8) We also phoned the Met Police who have a dept dedicated to this kind of fraud. They were not too interested and in real terms one cannot blame them. There are more serious issues out there than a spoof legal website.

9) As stated earlier, we tried calling the scam website number, sent an email etc but this was fruitless.

In the end, the most effective of these measures and perhaps the one that elicited the most surprising outcome was step 4) ... our friends in Hanoi. believe it or not they actually took the site down within 24 hours of our message. A very brief response from them simply read "phishing site taken down"...!!!

So after all our misgivings the one organisation we had the least faith in - actually delivered the best response.

How can you avoid this as a web business owner...? Truth is you cant. However I would urge all businesses to scan the web regularly for spoof sites and drill deep into say page 4 or 5 of Google to unearth possible threats. They may be out there and they may just be damaging your reputation.

I hope in relaying this tale that other businesses - whether they be law firms or not - can gain something from our experience. The world wide web is indeed wonderful ... but it can also be an untamed beast.

You live and learn...!

5 comments:

Ves said...
This comment has been removed by a blog administrator.
ClickLaw24 said...
This comment has been removed by a blog administrator.
ClickLaw24 said...
This comment has been removed by a blog administrator.
ClickLaw24 said...
This comment has been removed by a blog administrator.
ENGANIL said...
This comment has been removed by a blog administrator.