The prevalence of brand abuse grew last year as cybercriminals capitalized on users' trust in well-known companies, according to a new "brandjacking" report
from internet fraud and brand-protection vendor MarkMonitor.
MarkMonitor tracked 30 of the most popular brands, searching 134 million public records and 60 million suspected phishing emails for brand abuse, Te Smith, vice president of communications at MarkMonitor told SCMagazineUS.com Monday. Each week last year turned up more than 450,000 potential samples of brand abuse incidents.
Among those, a new trend emerged in which criminals use well-known brands to drive traffic to malware-serving websites, Smith said.
In one example, a site was made to look like it was affiliated with a popular family brand, Smith said. If a user visited the site while running an unpatched browser, malware would immediately begin downloading to a user's computer. If, on the other hand, the visitor's browser was up to date, the site would serve the user a “security” pop-up, which would download malware if clicked.
Phishing emails named brands during 2008, when 444 organizations' names were used for the first time, the report noted. Smith said the economic crisis contributed to an increase in phishing emails because the instance of phishing attacks utilizing financial brands grew 51 percent in the second half of 2008.
Also on the rise was cybersquatting
– the illegal practice of creating a URL that resembles a brand name, with the hope that if a user mistypes an address they will end up on the rogue site. This tactic increased by 18 percent from 2007 to 2008, the research found. The instances of brandjacked offensive/pornographic and ecommerce sites increased from 2007 to 2008, growing 21 percent and 46 percent, respectively.
Also increasing is the use of blended threats, which may combine cybersquatting with malware exploits, ecommerce abuse or pornographic material.
Brand abuse could result in damage to a legitimate company's reputation, loss of revenue, and customers ordering illegitimate products, which in the pharmaceutical field, for example, could be life threatening if customers received the wrong medication, Smith said.
“Your customers are interacting with someone that's not you,” Smith said.
To mitigate these issues, enterprises must enlist help from across their organization to weed out offenders, he said.
“It might just be a question of sending a note to the site,” Smith said. “In many cases, that will get rid of the problem."