Security Watch | Matt Hines » Gauging the impact of "brandjacking"

May 01, 2007 | Comments: (0)

Gauging the impact of "brandjacking"

TAGS: Security

San Francisco-based MarkMonitor, which sells security applications that promise to help companies defend against attacks on their brand names -- such as via phishing or cross-site scripting attacks -- has released a study into the damage wrought on corporate images by online crimes.

The practice of using well-known company names, images and URLs to distribute malware or carry-out Internet fraud schemes -- a practice dubbed "brandjacking" by Markmonitor -- is a longtime favorite of online criminals, as evidenced by the daily load of spam e-mails delivered to one's in-box bearing words and logos scraped from companies like eBay.

However, security experts have long struggled to gauge how much impact the brand counterfeiting affects the companies who are targeted, despite frequently citing it as one of the major affects of popular criminal efforts such as phishing.

A new study doesn't calculate a dollar value for the attacks, but it does provide some brand abuse metrics.

According to the first installation of MarkMonitor's new BrandJacking Index, to be calculated once every fiscal quarter, the problem is not slowing down. The study is based on data gathered by MarkMonitor about leading business brands from its daily searches for abuse of its customers' images.

Based on the company's scans of online sites and phishing e-mails during March 2007:

-There were over 300,000 incidents of brand abuse for each week during the month.

-Cybersquatting, or the unauthorized use of a protected brand name in a Web domain, a hallmark of phishing, accounted for roughly 275,000 instances per week.

-Cybersquatting is typically combined with other attacks such as pay-per-click fraud.

-Some 40 percent of brand abuse focuses on media companies, both traditional and Internet-based.

-The next highest segments targeted were automotive, consumer electronics, technology and financial services, each of which accounted for between 11 percent and 16 percent of the schemes.

-Domain "kiting," or the use of name-brand related Web site domains before they get shut down by ICANN, is largely targeted at financial services companies, with over 980 of the fraudulent shill sites launched in March.

-Phishing incidents rose by 104 percent during all of Q1, compared to Q1 2006.

-Scammers are increasingly using unique URLs to carry out individual schemes to circumvent anti-phishing technologies.

-The number of brands phished each month reached an all-time high of 229 in March.

-Phishing attacks against financial services companies represented 41 percent of all phishing attacks in Q1 2007, compared to 29.4 percent in Q1 2006.

-Attacks on online auction brands fell below those against financial institutions for the first time, representing 38 percent in Q1 2007.

"Criminals have learned the rules of online marketing and how to exploit the system to attack the brands, revenue streams, channels and reputations of legitimate companies faster than businesses have migrated from physical security models to the cyber-world," Irfan Salim, chief executive of MarkMonitor, said in a research synopsis. "Brandjackers are adaptive, security savvy and opportunistic."

Posted by Matt Hines on May 1, 2007 08:57 AM

RATE THIS ARTICLE: