Global Marketing Alliance

How businesses can protect their brands from online fraud

Online fraud brand protection

In the internet era, brands are often under attack by fraudsters, phishers and scammers, but businesses can protect themselves, says author David N Barnett.

In today’s digital world, the internet presents criminals with an unprecedented opportunity to commit untraceable fraud with a degree of ease that is not possible in the physical world. Recent research suggests that the UK loses almost £11 billion a year to cybercriminals, with a financial scam estimated to have been perpetrated every 15 seconds in the first half of 2016. Fraud can also be relevant to companies outside the financial services industry; for example, in November 2014 the travel reservation company Booking.com was forced to refund around 10,000 customers who had lost money in a targeted attack. These facts highlight the importance of brand owners carrying out pro-active programs of online brand protection, to monitor and protect themselves and their customers from online fraud.

Common online fraud attacks

One of the most common ways in which online fraud is carried out is via phishing, where a fraudster contacts a third party in an attempt to acquire confidential information. Nearly 450,000 distinct phishing attacks were identified in 2013, resulting in a total estimated financial loss of almost $6 billion. This type of scam is frequently carried out by copying the ‘look-and-feel’ of a legitimate website for the brand under attack and encouraging customers to log in, so the fraudster can collect the credentials entered. In many cases, customers are directed to these sites via embedded links in fraudulent emails. However, fraudsters have also been found to purchase sponsored-ad space from popular search engines, so that advertisements for a fake site appear in response to customer searches for the brand. Some of the most convincing attacks occur when the fraudster registers a brand-specific domain name to construct the phishing site.

Figure 1: Example of a fraudulent banking website using a brand-specific domain name (hsbcprivatebank.org.uk)

There are a number of steps which can be taken by businesses to mitigate the risks associated with phishing:

Another type of scam to be wary of is the advance-fee fraud, usually perpetrated via the use of an email promising a sum of money, prize, or employment. Following correspondence with the sender, the recipient is asked to send a ‘fee’, which is then retained by the fraudster. As with phishing scams, many of these make use of brand-specific domain names to create an associated fake site or a plausible email address.

Figure 2: Example of a scam email comprising an advance-fee (‘419’) fraud and making use of the email functionality of a non-legitimate, brand-specific domain name (cocacolagroup.co.uk)
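
Both the phishing and advance-fee scams above rely on brand-specific domain names, so a brand owner's monitoring can start by screening lists of newly seen domains for them. The Python example below is an added illustration, not part of the original article: the feed is constructed (it includes the two domains from Figures 1 and 2), the list of official domains is an assumption, and the function names are hypothetical.

```python
import difflib

# Common digit-for-letter swaps seen in lookalike names (constructed, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalise(label):
    """Lowercase a DNS label, drop hyphens and undo digit-for-letter swaps."""
    return label.lower().replace("-", "").translate(LOOKALIKES)

def classify(domain, brands, official):
    """Return (brand, reason) if the domain looks brand-specific, else None."""
    domain = domain.lower().rstrip(".")
    if domain in official or any(domain.endswith("." + o) for o in official):
        return None  # the brand owner's own domain or a subdomain of it
    for label in domain.split("."):
        norm = normalise(label)
        for brand in brands:
            if brand in norm:
                return (brand, "contains brand")
            # Near-miss spelling of the whole label, e.g. a doubled or swapped letter.
            if difflib.SequenceMatcher(None, brand, norm).ratio() >= 0.85:
                return (brand, "close spelling")
    return None

def review_feed(domains, brands, official):
    """Map each flagged domain in a registration feed to its (brand, reason)."""
    hits = {}
    for d in domains:
        verdict = classify(d, brands, official)
        if verdict:
            hits[d] = verdict
    return hits

# Constructed feed: the two domains from Figures 1 and 2 plus made-up entries.
FEED = ["hsbcprivatebank.org.uk", "cocacolagroup.co.uk", "hsbc.com",
        "online.hsbc.com", "coca-c0la-prizes.example", "cocacolla.example",
        "gardening-tips.example"]
BRANDS = ["hsbc", "cocacola"]
OFFICIAL = {"hsbc.com", "coca-cola.com"}  # assumed list of legitimate domains

if __name__ == "__main__":
    for dom, (brand, why) in review_feed(FEED, BRANDS, OFFICIAL).items():
        print(f"{dom}: {brand} ({why})")
```

Flagged names are candidates for human review rather than confirmed fraud; a real programme would also check whether the domain hosts a site or accepts email before deciding on enforcement.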

In other cases, fraudsters may make use of malicious software (‘malware’), which can be spread to users’ computers by convincing them to open an infected attachment to an email, or by visiting an infected site (and usually clicking on a hyperlink). Two common types of malware which are relevant to the perpetration of online fraud include:

Protection against malware generally falls under the responsibility of individual internet users, through an Internet-security product. However, brand owners can also:

Credentials or private information stolen by criminals are often then ‘traded’ online as a commodity. This frequently takes place in private forums (such as password-protected chat channels), but can also occur in other environments such as social media or dedicated websites. In many cases, it may not be possible to have these websites deactivated (for example, in cases where the sites are hosted in geographies where enforcement is difficult, or where the domain-name registrars or hosting providers do not comply with takedown requests). However, it is important to monitor these environments carefully so that compromised accounts can be identified and ‘locked’ as quickly as possible.

Figure 3: Example of a ‘carder’ website on the Dark Web

In addition to the monitoring and enforcement strategies described above, businesses must also employ other strategies (such as investment in digital security products and insurance) to protect themselves and their customers against the threats of fraudulent activity, brand damage and financial losses.

GMA readers can save 20% on ‘Brand Protection in the Online World’ with discount code PMK20 at: www.koganpage.com.
