Rogue users are exploiting an Amazon.com Inc. brand registry by hacking into a U.S. Patent and Trademark Office database to pose as valid trademark holders, threatening sales by established brands.
The PTO’s database tells Amazon if a brand’s trademark is registered. Each registered trademark has a number. Amazon then looks to see whether a business that wants to sell products on the site submitted a registration number that matches the PTO’s. If it did, Amazon emails an authentication code to the business so they can sell their products on Amazon as trademarked items.
Hackers have been changing business’s email addresses in the PTO’s database so they can divert legitimate authentication codes and use them to make their knock-offs look like trademarked products on Amazon, the company confirmed to Bloomberg Law.
Procter & Gamble Co. and Huawei Technologies Co. Ltd. are among the corporations that list their registered trademarks on Amazon’s registry so buyers can trust that their products are real. Hundreds of thousands of dollars in online sales are at risk for companies if they’re competing with knock-offs posing on Amazon as their trademarked brands, William Stroever, member and intellectual property department co-chair at Cole Schotz PC said.
The PTO reported a more than 11,000 percent spike in suspected or confirmed trademark correspondence fraud over the past four months, from four from July 1-July 28 to 441 from Sept. 31-Oct. 27.
Amazon is working closely with brands and the PTO to improve protections and stay ahead of bad actors, a company spokeswoman told Bloomberg Law, without divulging details.
“Amazon’s proactive technologies and services for protecting brands, including Brand Registry, are increasingly effective,” the spokeswoman said. “As a result, bad actors are attempting to find new ways to abuse our protections.”
Amazon’s online store generates more than 51 percent of the company’s revenue, according to Bloomberg Intelligence data. Amazon’s revenue will be $66.5 billion to $72.5 billion in the fourth quarter of 2018, the Seattle-based company said in its Oct. 25 earnings report.
Commissioner of Trademarks Mary Boney Denison told Bloomberg Law that the PTO is monitoring every address change on trademark applications and registrations while it explores a long-term solution to stop the fraud. Boney Denison declined to identify any of the alleged hackers or name companies potentially affected by the phony email addresses.
Trademark applications and registrations typically list the email addresses of the owner or attorney that filed the trademark. Unauthorized changes would cut off communication between the agency and trademark owner, Boney Denison said.
“It could temporarily block the true owner from selling online and the brand registry might believe the impostor is the true owner,” she said.
One attorney had some ideas of how the PTO could protect its database from hackers.
It could require additional authentication when email addresses are changed and delay email changes to give a trademark owner’s attorney a chance to appeal, Lyle Gravatt, a trademark and patent attorney at Forrest Firm PC, told Bloomberg Law.
Amazon is the only major online retailer that offers a brand registry, and other retailers could follow suit, Gravatt said. “So addressing the issue right now could be critical to addressing problems in the future,” he said.