Industry View
Industry View | Battling Brandjackers
MarkMonitor's CSO Ihab Shraim offers strategies against domain kiting, pay-per-click abuses and other attacks on your brand
By Ihab Shraim, MarkMonitor
As an example of this last trend, exploit researchers at Face Time Security Labs have uncovered a hacking site that is a complete do-it-yourself phishing construction kit. The site can be used to generate phish emails that steal login information from popular social networking sites.
Overall, 412 different organizations were targets of phishing attacks last year, which represents an increase of 37 percent over the number observed in 2006. November was a record month for phishing targets, with 275 targeted organizations.
We saw a 44 percent increase in auction site abuse from the third to fourth quarters. The largest percentage increase in attacks was in the retail service sector, which went from 1 percent of attacks in the first quarter to 5 percent in the last quarter.
The U.S. continues to host the majority of phishing attack sites, with a 21 percent share during the last quarter of 2007. However, we observed a shift in the most popular foreign hosting sources in the fourth quarter, with Ecuador moving into the number two spot with 9 percent of attacks and Japan, Thailand, and Canada leaving the list of top five sources. The Republic of Korea still accounts for 7 percent of phishing attacks.
The bottom line? While brandjackers are becoming ever more sophisticated in their techniques and diversifying their targets, active brand defense strategies deliver positive returns. A well-defended brand is the most effective means of deterring brandjacking and the negative consequences they bring.
A strong defense begins with education. Internal education programs are key to making sure your employees don't fall for social engineering schemes that could hurt your brand. Set clear, understandable policies for behavior and share information and techniques for avoiding the latest dangers. Strongly consider creating an intranet site or wiki for fostering information-share and ensure employees have an easy mechanism for reporting suspicious activities so that IT can investigate.
Help your customers to stay informed. Work with the marketing organization to create an area on your Web site where you post information about your direct mail policies and standards so customers know how to evaluate e-mails that use your brand. Give customers an easy reporting mechanism, too, so they can let you know about suspicious emails or suspicious sites taking advantage of your brand.
As CSO, take the lead in your organization and include a brand protection component in our overall Internet security strategy&,dash;and work with your peers in the C-suite and the general counsel's office to extend that brand protection strategy to every part of your company.
MarkMonitor
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
