A new report released by brand protection firm Mark Monitor has revealed that online abuse of leading brands is growing more common, damaging brand reputations and upping the risk of unwitting users becoming the victims of malware and phishing attacks.
Online brand abuse involves leveraging the reputation of a well known brand to draw traffic to a particular site. According to the ‘Brandjacking Index’ report from MarkMonitor, the most common form of online brand abuse is ‘cyber-squatting’, a type of trademark abuse where the domain name is such that it implies the website belongs to another company. Users commonly find themselves on these sites when they make a common spelling mistake in the brand name. The report showed that there were almost 450,000 incidents of cyber-squatting in the fourth quarter on 2008, up 2% quarter on quarter and 18% year on year.
Once drawn to the site, unwitting users can be exposed to a range of risks. One such risk is exposure to malware such as viruses or Trojans which can be installed upon visiting the site. Such malware can cause damage to the user’s computer or leave it vulnerable to attacks from hackers who can use access the user’s computer to acquire sensitive information such as online banking passwords and credit details.
Another significant danger associated with cyber-squatting is phishing, where the website purports to be associated with the genuine brand and attempts to persuade the recipient to part with private information such as payment information or online passwords. But such attacks are not wholly dependent on cyber-squatting as phishers also commonly send a fraudulent email which purports to be from a trustworthy source and draws users to their site. Once the user enters their user name and password it is passed on to the fraudsters who can then use it to log into that person’s real account.
According to the MarkMonitor report, phishing attacks targeting financial brands rose 51% in the second half of 2008, while attacks against payment services such as PayPal rose by 122%. The report also revealed that phishers are broadening their targets, with 444 organisations being phished for the first time in 2008 across a variety of industries. In the last quarter of 2008, 422 organisations were phished, representing an 8% increase over the previous quarter and a 7% increase year on year.
Most worryingly, the report revealed that 80% of abuse sites identified in 2007 were still active during the report’s research period at the end of 2008, suggesting that brand holders need to take a more aggressive stance against online brand abusers.
For affected firms attempting to prevent phishing and other malicious activity being conducted online in the name of their brand, the biggest challenge can be tracing the perpetrators in the virtual world. In such cases, the assistance of computer forensic experts can be vital. Such experts are able to trace the origins of the attacks to a physical location, which can then allow legal action to be taken.
For users the key message is to remain vigilant at all times, checking domain names carefully before parting with sensitive information, and treating emailed requests for information from familiar brands with caution. Users should also ensure that their antivirus and firewall software is kept up-to-date to ensure any malware which threatens their system is detected and blocked.