Online FRAUD The Not-So-Subtle Menace of Brandjacking
Regardless of the size of a business, the level of consumer confidence and trust in its brand is critical-especially on the Internet where a company's reputation is often in direct correlation to their share of the market. So says Portland, Oregonbased iovation, Inc., when referring to recent studies that found consumers bought more from online sellers with a good brand reputation. Brand confidence is so compelling that customers are increasingly willing to buy from unproven sources in order to obtain discounted rates on their favorite brands. Unfortunately, this loyalty has led to a counterfeit pandemic that includes everything from stocks and bonds to dangerous, uncertified, pharmaceuticals.
What is Brandjacking?
Brandjacking, as defined by MarkMonitor, Inc., is the criminal act of hijacking strong brands for profit. Brandjackers know the rules of online marketing and areexploiting them to their own advantage, at the expense of the true brand owners. As a result, brand owners constantly face threats to their reputations, customer relationships, and, ultimately, their revenues.
In order to shed light on the brandjacking phenomenon, MarkMonitor created the Brandjacking Index, a quarterly report that measures the effect of online threats to brands. In its Q1 2007 Brandjacking Index, the company found over 286,000 instances of cybersquatting-the practice of registering, trafficking in, or using a domain name with bad-faith intent to profit from the goodwill of a legitimate trademark. The study found that both traditional and Internet-based media are especially attractive targets, drawing 31 percent of brand abuse. Since these brands' Web properties are some of the most heavily trafficked Internet sites, they draw the most abuse in the form of cybersquatting and false associations-resulting in lost revenue and wasted advertising costs. "Media is unsurprisingly one of the largest targets for brand abuse," said John LaCour, director of product management for antiphishing solutions at MarkMonitor.
The study also found that phishing continues to be a significant problem, with a 104 percent jump in annual attacks in Q1-07. Phishers actively avoided browser- based consumer protection technology evidenced by the more than 300,000 unique URLs used in phishing attacks. The findings suggest that brandjackers employ elaborate, multi-pronged assaults on the most recognized companies and their associated brands.
Brandjacking and Phishing
In 2006 the Anti-Phishing Working Group (APWG) reported more than 200,000 unique phishing websites set up to attack unsuspecting consumers. "In the online environment, brandjacking is perpetrated through phishing," says Jon Karl, founder and vice president of business development for iovation. "Financial institutions and major eCommerce sites are often the primary victims. Customers are lured to fake sites where they provide their login credentials. It is difficult to determine if these sites are real or bogus, unless the site has provided some form of authentication that allows the consumer to lock their account."
Richi Jennings, lead analyst of email security practice for Ferris Research, notes that phishers target businesses of all sizes. "While indiscriminate, bulk attacks work best against large targets (e.g. Bank Of America), more targeted attacks can get results against smaller targets."
iovation offers solutions to help online businesses protect their customers and their own brand's reputation from abusive behavior. According to Karl, fraud is any form of abusive behavior and can include consumer credit and eCommerce fraud, identity theft, and click fraud. Click fraud is a type of Internet crime that occurs when a person, automated script, or computer program imitates a legitimate user clicking on an online ad for the purpose of generating a charge per click, without having any real interest in the site, products, or services. Click fraud abuse has become so prevalent that it is the subject of increasing litigation and has become a felony in many jurisdictions. For example, in California it is covered by Penal code 502 and in the United Kingdom, under the Computer Misuse Act 1990.
Aimed at preserving sender reputation, iovation offers Reputation-Manager, a solution that combines iovation's device identification and reputation management platform designed to protect online businesses against fraud and abuse. ReputationManager works by exposing criminals by uncovering hidden associations, such as multiple devices accessing a common account or a single device used to access multiple accounts. Once uncovered, if a device or account is flagged as engaging in fraudulent activity, all associated devices and accounts are flagged. Once the device has been associated with fraud or abuse in iovation's system, it becomes blacklisted.
Karl believes that consumers care a great deal about buying from reputable sources with honorable reputations, noting that companies worldwide need to implement effective solutions to preserve them. He adds, "Providing a solution that gives consumers this assurance is needed. Organizations outside of the U.S. have long known the importance of this type of technology, but recently, interest in the U.S. is picking up, which is very good news for consumers. I think this is an indicator that organizations across the board are beginning to connect the dots with protecting both consumers and the reputations of their brands."
In its Q1 2007 Brandjacking Index, MarkMonitor found over 286,000 instances of cybersquatting-the practice of registering, trafficking in, or using a domain name with bad-faith intent to profit from the goodwill of a legitimate trademark.
Threat vs. Response
MarkMonitor believes that successful brand protection requires a broad-based approach as opposed to piecemeal solutions. "The growing scale and diversity of Internet exploits requires an integrated, end-to-end full lifecycle approach to online brand protection management," explains LaCour, who ranks the following as key to online fraud prevention:
- Securing domain names relevant to a company's name and products
- Monitoring the use of trademarks online
- Identifying gray market channels where counterfeiters sell knockoffs
- Countering the threat of phishing
Jennings explains that managing domain names is about much more than securing the .com associated with an organization. He points to the Domain Assurance Council (DAC), a trade body representing organizations that certify or accredit email sending organizations and customers of those organizations. Examples of such organizations include Habeas Inc. and Goodmail Systems, whose customers are typically ISPs and spam control technology vendors.
certify or accredit email sending organizations and customers of those organizations. Examples of such organizations include Habeas Inc. and Goodmail Systems, whose customers are typically ISPs and spam control technology vendors.
The standard developed by DAC will be known as Vouch By Reference (VBR). Using VBR, a receiving system would be able to look up the domain of the sender and decide if it wishes to receive an incoming message. As Jennings explains, VBR could also allow organizations within vertical industries to vouch for other organizations in the same industry (e.g., the pharmaceutical industry). The theory is that organizations in vertical markets know each other so that if one is sending spam, then its competitors are likely the first to find out about it. VBR will create a market for organizations that vouch for domains, allowing its members to compete with minimum friction. "That's because VBR will also allow customers to switch providers, i.e., there will be no lock-in to a proprietary provider," Jennings concludes.
Brand Protection
According to MarkMonitor, a successful brand protection program requires that companies establish strong identity ownership rights globally; monitor broadly for brand abuse across all Internet media; implement solutions that detect and prioritize the most serious abuse; and respond rapidly, appropriately and cost-effectively to each type of abuse. MarkMonitor's suite of online brand protectionsolutions is designed to automate the workflow and assist corporations in creating, monitoring, and protecting their brands wherever they may appear on the Internet.
LaCour points out that the best and most frequently updated vendor solutions will offer a level of defense against online crime. The sheer number of avenues available for exploitation shows that brand often puts criminals ahead in the game of threat vs. response. Because brandjackers find the economic incentives to target large companies are substantial, LaCour believes, "Brand owners have to rely on themselves for enforcement, because regulation by government and non-governmental organizations is insufficient to protect companies and their customers."
Larry Clinton, president of the Internet Security Alliance (ISA) adds that technology alone will not solve our online woes and feels that it all begins with making online crime unattractive to criminals. "Technology is not enough to bring security and trust to electronic transactions. We need good global laws and regulations. Criminals need to know they can be extradited from any country where they break the law. For global e-commerce to flourish, we need to know that the availability and integrity of information provided by businesses is maintained at the highest levels, no matter where it's created." MB/TMP
Four Tips to Combat Online Fraud
- Have an online marketing policy. Organizations should implement online marketing and channel initiatives in a consistent manner to enforce the brand and help expose brand abuses. These policies should also be communicated and enforced with business partners too.
- Have a clear and consistent domain name strategy. Implement defensive domain name registrations to prevent improper use. Register obvious variations of your company and/or brand name. For example: paypal-service, paypal_support, apple_store, appleitunes, etc.
- Protect the email channel. Implement a solution such as Domain Keys Identified Mail (DKIM) and/or Sender-ID. This will mitigate phishing and unauthorized email solicitations.
- Within the organization, establish a program and function dedicated to combating online fraud. The program should include proactive detection of fraud and appropriate response plans. MB/TMP
Source: MarkMonitor
Protecting Your Business Against Online Fraud: Things to Know
Successful brand protection requires constant care. "Given ever-changing online fraud techniques, staying ahead of fraudsters without impacting legitimate customers can be an on-going challenge," warns Jon Karl, founder and vice president of business development for iovation. When using device identification and reputation technologies to fight online fraud, Karl believes that organizations should ask the following questions:
- Does it work well as a stand-alone solution, yet also complement existing tools?
- Does it scale for real-time fraud prevention?
- Does it offer forensic analysis and reporting, including velocity and suspicious activity reports?
- Does it have the ability to efficiently expose and shut down entire fraud rings?
- Does it have proven accuracy in its underlying device identification technology?
- Does it provide a range of device identification options to address differences in client environments?
- Does it have a proven fraud prevention track record and negligible false positives?
- Does it have the ability to maintain the reputation of known devices and accounts?
- Can it share fraud information across multiple subscribers' Web sites and applications?
- Does it offer high resistance to attacks?
- Does it provide flexible integration options for supporting online processes and workflows? MB/TMP
What precautions should be made while doing online transaction through the Internet?
As keyloggers,spywares and other such softwares cause menace to online transactions over the Internet,What precautions should be made inorder to be safe from such dangers
Best Answer - Chosen by Asker
The simplest way would be to use PayPal, as it has payment protection in case you don't receive the goods from a person, and you do not directly type your credit card number into any websites.
Failing that, use websites that provide trusted credit card transaction services such as RealEx and check that https:// is part of the page address where you enter your credit card number.
Firefox browser has a number of extensions that you can use to increase security with regard to keylogging and password spying. Install these (though they will cause a slowdown depending on how many you install).
Firewalls, password-hashing software, anti-spyware, anti-virus, should all be used.
There's many different ways to protect yourself, but it will depend on what exactly you are doing on your computer and how you are using it on a day-to-day basis
If you doubt that keyloggers and spywares have been installed in the system, then to have a secure transaction use a personal computer instead of a public one found in cafe's.
For more precautions check the address bar and see if the protocol is https:// instead of the usual http:// and that you see a padlock on the bottom of your status bar. Such a precaution is necessary for preventing phishing and other means of frauds. And never answer a mail even form your very own bank asking you to update details like your oin number, customer id, or password. These are generally fraud emails. Certain emails inform you that a transcation was successfully completed and to visit the link to follow the transaction route. Never click on such links. In case of doubt cal your bank customer care and they will always be there to help you. We are humans and must go with our senses without losing any control over any means of online information
when your buying online you will notice that secure websites have a little yellow lock icon on the right in the URL (place where the webaddress goes) if it doesnt have the lock dont use your credit card their.
You asked good question here.. It is very important to aware about online transaction using net banking.
1) Never access your account at public cafe/share computers
2) Always use home computer for security reason
3) Don't click on any link under your inbox whether if it is your bank's website.
4) Do practice to type bank's URL in address bar
5) Always update and patch your operating system
6) Use anti virus and update it on regular basis
7) Check SSL/https security on login page of bank's website coz this kind of data don't capture or sniff
8) Choose strong password which is both upper and lower case, number and special characker too, and long enough
1. Use security software on your computer. Your ISP may offer free security software as a part of being a customer. Call them and find out (most North American broadband providers offer a free firewall, anti-virus and spyware package of some kind). Ad-Aware by LavaSoft and SpyBot Search and Destroy are two reputable and free tools to clear Spyware, Adware and Trojans from Windows based computers. I have no affiliation with them at all.
2. Use common sense. Don't use your credit card on a site like "Jim-Bobs Hot Dogs". Amazon, Priceline, Ebay - those are trustworthy sites. Make absolutely sure that you never enter your credit card information on a page that isn't https:// - notice the "S" - https is (more) secure, http is not.
3. Consider using PayPal for your online shopping. It adds a layer of protection.
4. Check with your bank or credit card company to find out what their fraud policies are, so if the worst happens (someone gets your credit card number and uses it) you'll know what to do and what you're responsible for.
- Internet Fraud
The Internet offers a global marketplace for individuals and businesses. At the same time, Criminals also recognize the potentials of cyberspace. The same scams that have been conducted by mail and phone can now be found on Internet and in email, and new cyberscams are emerging. It's sometimes hard to tell the difference between reputable online sellers and criminals who use the Internet to rob people. You can protect yourself by learning how to recognize the danger signs of fraud. If you are a victim or attempted victim of Internet fraud, it's important to report the scam quickly so that law enforcement agencies can shut the fraudulent operations down. The followings are the common type of on-line frauds you may encounter:
- Internet Shopping/Auction Fraud
The Internet is open 24 hours a day, seven days a week and offers shopping that can be just convenience as a supermarket or mail orders if you buy from a responsible and reputable business over a secure web-server. Your credit card information is protected by encryption during transmission and cannot be seen by anyone ¡V not even the seller in some cases. But it is important that you know who you're conducting business with, what security features they offer, their privacy policy, and their return or refund procedure. Criminals are making use of the convenient shopping business to exploit their victims. Many victims pay their money in e-auction but cannot get what they have purchased. On the other hand, e-shop operators have failed to receive the money after they have delivered their goods as criminals are using either forged or stolen payment cards to settle their purchases.
Safety Tips
- Do check the terms and disclaimers of an e-shopping site before acquiring its service, e.g. check statements for personal privacy.
- Do choose e-shopping sites of providing well-known or trusted services.
- Do notice key measures on providing information or making purchasing on a web site:
- Informed consent on personal information
- Seals of Approval applied (e.g. TRUSTe or WebTrust)
- Do check security of e-commerce website before submitting personal information and transaction (e.g. SSL, https, lock icon in browser, the issuing authority of certificate)
- Do apply for a Digital Certificate for electronic transactions
- Do consider using Encryption to protect sensitive data transmitted over public networks and the Internet.
- Do keep transaction records. Most e-commerce sites present you with a summary of your transaction before you click a Send or Buy button. Print this out or save it as a file to refer to later if necessary.
- Do avoid submitting any data that is irrelevant for the purposes for which it is being collected. Be particularly cautious if asked for personal information, such as credit card or bank account numbers.
- Do be alert to the latest news on sites that are famous for suspicious or labeled as "bad sites".
- Don't download data from doubtful sources.
- Don't try to visit untrustworthy sites out of curiosity
- Don't forget to check the privacy policy of a web site, ensuring that the personal data you provided is properly used and protected.
- Online Sweepstake, Lottery Fraud
From time to time, you might receive e-mails telling you that you have won a grand prize and in order to claim the prize, you have to pay a fee. Of course, this is all part of a scam. It is most likely that after you pay the fee, you will never hear from the scammer again. There are also fraudulent lottery websites charging people fees to be members offering them "sure win" tips for betting on various lottery or sweepstake games and these are scammers too. After a certain period, the website will disappear.
Safety Tips
- "Sure Win" tips on betting do not exist. It's a common scam for a company to suggest that your chances will be better if you make a purchase.
- Never pay to play. Fraudulent companies will require you to buy something or pay a fee in order to win or claim a prize.
- Be cautious about emails for contests and sweepstakes. Many unsolicited emails are fraudulent.
- Guard your credit card and bank account numbers.
- Watch out for imposters. Some con artists use company names that are identical or very similar to well-known, legitimate operators such as the Hong Kong Jockey Club. Tell them that you'll get back to them and contact the real companies to ask if there is any connection.
- Get all the details. Legitimate sweepstakes companies will tell you exactly how the contest works, including the odds of winning, the value of the prizes, the date that the contest ends, and how you can find out who won.
- Replication of Hong Kong Mark Six Fraud
It has come to the Police attention that some websites are making use of the Hong Kong Mark SIX Lottery and claiming to have tips to win the Mark SIX. They invite members of the public to join them as members charging large sums of membership fees for providing the Hong Kong Mark Six lottery analysis and predicting ¡§sure win¡¨ results. Some websites even claim that the lottery itself is controlled by technology thus controlling the result in which the said websites claim that they could provide.
The Hong Kong Jockey Club confirmed that they have received reports of similar scams filed by members of public. The said activities are in no way connected to the official organizations promoting the Hong Kong Mark SIX Lottery.
- Bogus Websites
There exist on the Internet many bogus sites which are very cleverly designed to look like the real website. They even use very similar domain names as the genuine websites. The main purpose of these websites is to make you believe that they are either the original company /organization or subsidiaries with a view to deceiving you to join in their bogus business.
Examples are bogus cyber banks and investment house in which culprits created the websites with features of a mix of legitimate text and logo taken from a genuine website, say a bank. Then solicit potential victims throughout the world by e-mail and letters offered bank accounts and service similar to those of a legitimate bank. These banks may be used by culprits as a mean of added creditability in order to lure their victims to join into the plots. Again once money has been paid into any investment plan or service, the cyber bank will disappear.
Safety Tips
- Internet Commercial Fraud
Use of the Internet for the sale of a wide range of services or products is an effective and legitimate marketing tool for any businesses. However, criminals have also making use of these opportunities to organize their plots. Scammers use the same techniques as legitimate companies, but hide behind the anonymity of the Internet to deceive their victims. They either advertise their service or products via the Internet, but using anonymous or false registration information. Once they obtain the trust from their victims, they would require the victims in paying down payments and afterwards disappear and would never deliver the promised service or products.
Another type of fraud commonly encountered in the Internet is the '419' advance fee fraud in which culprits (usually originated from some South African countries) using the benefit of the Internet to send out e-mail claiming to have a huge sum of money held in the name of a deceased person or large contract sums due for payment, which need to be move to foreign accounts but require the payment of advance fee to cover the administration or transport. Again once the advance fee has been paid, culprit will be disappeared, but there are incidents in which the victims after paying the initial sum continued to pay another sum in the belief that the huge sum promised by the culprits would be coming through.
Safety Tips
A few basic suggestions should help ensure that you do not fall victim to the tactics of fraudulent Internet marketers:
- Don't believe that an e-mail with an exciting promotion or investment opportunity is trustworthy, especially if the e-mail is anonymous.
- Don't invest or purchase a product or service without carefully checking out the investment, product, service, and the company.
- Don't be afraid to request further documentation from the marketer so you can verify the validity of the company.
- Don't be fooled by the promise of a valuable prize in return for a low cost purchase.
- Don't be too quick to involve yourself in a "special offer or deal." Be very carefull in this regard however some offers are genuine
- Don't be hurried into sending money to claim a prize that is available for only a limited period.
- Don't disclose information about your finances, bank accounts or credit cards ( not even the credit card expiry date).
- Misuse of Internet Access Accounts
It is quite common for criminals to get hold of other users' accounts on the Internet. The main purpose is to avoid billing or to act with other people's identity for different reasons, such as :
- Abuse of Internet Service (Identity / Password Theft)
- Abuse of Online Game Service
In Hong Kong, the popularity of online PC games has increased tremendously over the past year, especially amongst youngsters whose security awareness on the use of Internet is relatively low. This increase in the use of Internet and the poor security awareness have lead to the increase of abusive use of the on-line game services.
Safety Tips
- Password Control:-
- Do choose a password of length more than 6 characters. Mixing letters and numbers in a random manner is a good idea.
- Do change your password periodically to prevent password hacking. Default passwords and passwords generated by others should be changed promptly.
- Do remember to log off system when you leave or finish with the Internet in public places, such as school, library, or cafe.
- Don't disclose your user ID or password.
- Don't share account with others.
- Don't use your personal information for your password, e.g. your name, address, birthday, etc.
- Don't give away your user ID or password when completing an on-line form.
- Don't store your password in the browser, or leave it around, in particular near the computer.
- Don't reuse passwords.
- You can't be sure what your kids and their friends are doing. This is very important if you are using Internet banking. If something goes wrong, your bank will probably not accept losses if you share your password with someone else, even if it is a family member.
- Online Theft
As a result of advances in technology, stealing of information stored in computer has become an increasingly popular method for criminals to make money, such as cash in your e-banking account, on-line game tokens or points which you have attained when playing online games etc. The following criminal activities are commonly encountered:
- Abusive Use of Password (Theft of Personal Identity Number(PIN))
Identity theft involves stealing or hijacking of the Internet identity (password) of another person - or in some cases of a business ¡V for the purpose of illegal use of Internet service or to impersonate for commission of other crimes.
Besides, the thief of password, especially for those who use one password for all their Internet services, can lead to the taking over of the victim's financial accounts, open new bank accounts, transfer bank balances, apply for loans, credit cards and other services, purchase vehicles, take luxury vacations, which leads to various offences such as fraud, theft and others.
Safety Tips
Review and remember the following points to avoid becoming an easy target:
- Sign all credit cards when you receive them
- Never loan your credit cards to anyone
- Cancel credit cards you do not use and keep a list of the ones you use regularly
- Immediately report lost or stolen credit cards and any discrepancies in your monthly statements to the issuing credit card company
- Never leave receipts at bank machines, bank wickets, in trashcans, or at unattended gasoline pumps; ensure you destroy paperwork you no longer need
- Never provide personal information such as SIN, date of birth, credit card numbers, or PIN over the telephone unless you initiate the call
- Remove mail from your ¡¥secure' mailbox after delivery and do not leave pieces of mail lying around your residence or work site
- Shred or otherwise destroy pre-approved credit card applications, credit card receipts, bills and related information when no longer needed
- Avoid keeping a written record of your bank PIN number(s) and other passwords, and never keep this information in your wallet or hand bag
- Online Games Theft (Theft of virtual Property)
In Hong Kong, the popularity of online PC games has increased tremendously over the past year, especially amongst youngsters whose security awareness on the use of Internet is relatively low. Many of the games offer virtual weapons which can be purchased by players. The higher level you attained in the game with your virtual weapon, the more monetary value your weapon is worth.
Recently, there are increasing number of complaints regarding virtual weapons being stolen from online game players' account. Some complaints also refer to online gaming accounts being misused thus accumulating large sums to the victims' monthly bills. From the Police's enquiry, there are several ways in which the culprits could have stolen the virtual weapons or misuse the accounts:-
- Social Engineering - victims could have revealed their user ID or passwords to their online game partners or even to close friends thus allowing their accounts to be abused by the culprits
- Plug-ins - Some victims revealed that they have downloaded plug-in programs for online games so that the game can be set at "auto play" mode. These plug-ins are often downloaded from unknown sources and some may contain hacking program such as Trojan Horse.
Safety Tips
- Theft of Corporate Information
The advance of technology has created a paperless environment in most offices with most of the corporate information such as staff details, accounting information, confidential projects etc. stored in the companies computer systems. Recently, there have been complaints from employers that their ex-employees have taken corporate information when they left the company. There have also been cases where ex-employees have hacked into the companies' computer systems to look at the boss's e-mails. To prevent this from happening, implementing a set of information security policy is essential.
Safety Tips
- Upgrade anti-virus protection at least every two weeks
- Classify all essential information
- Upgrade all operating systems and applications files frequently, using the security patches provided by the developers
- Back up all data files regularly and store the backup files in a secure location off-site
- Provide security training for all personnel who use workstations or deal with sensitive paper files
- Shred all sensitive paper documents (anything containing payroll, personnel, financial or corporate data) before recycling or disposing
- Internet Banking Theft
Since the launch of Internet banking services in Hong Kong, there have been several cases of Internet banking theft where money was stolen from victims¡¦ Internet banking account. Similar to Internet shopping, Internet banking is safe providing the end-user security is up to standard. In most of the Internet banking theft, the end-user¡¦s bank PIN or password have been stolen by the culprits through social engineering processes such as picking of bank document from letter box, victim wrote down his bank particulars with PIN in his notebook that is later lost and picked by culprit, or victim receiving phone calls from culprit claiming to be bank staff and victim disclosed his PIN to the culprit over the phone, etc. In some overseas countries, victim¡¦s computer system was being infected by Trojan Horse programs thus allowing culprits to capture the user IDs and passwords, however, this has not been surfaced in Hong Kong.
Safety Tips
Comments [0]