Preserve Your Online Reputation: Beware of Forged Email, Phishing Sites, Malware and Brandjacking

By Stephanie Jordan
in

Organizations of all sizes, from the small-to-medium business (SMB) to the largest enterprise, have this in common: you must protect your business and your brand. While this is important in the brick and mortar world, it can be especially challenging for your online presence. Keeping your website free of malware and spoofing is an ongoing process. The work is never done.

This month saw WordPress blogs hacked on some shared hosting sites resulting in virus installations on the computers of unsuspecting site visitors. (According to the folks at WPSecurityLock, if you are hosting your WordPress blog at DreamHost, GoDaddy, Bluehost, Media temple or on another hosting company, you should check your websites now to see if it has been infected. They also warn that you should not try to open your website unless you have an up-to-date anti-virus program, your computer is virus free and you’re on a secured network.) At the time of this writing, the genesis of the problem is unknown; it doesn’t appear to be specific to any one hosting company, nor to WordPress itself. This is (unfortunately) an excellent example of the threats that can compromise your site, and your reputation as being a “safe” place to visit in cyberland.

Another area where one’s reputation can be placed in jeopardy is brandjacking. In March, MarkMonitor, a provider of enterprise brand protection, reported that online brand abuse rose across major industries in 2009. Its latest Brandjacking Index reveals the total number of phishing attacks was at an all-time high, with attacks targeting social network sites increasing to represent two percent of all phish attacks in 2009. The report spotlights the techniques and scams used by fraudsters and cybercriminals to monetize Web traffic using well-known brands as the lure.

The report found that brand abuse increased across all industry categories measured by the Index with the automotive and media industries drawing the most abuse. Abuse targeting luxury brands demonstrated the greatest increase, growing 23 percent year-over-year, followed by abuse targeting apparel brands, which grew 14 percent year-over-year. For the third straight year cybersquatting, the method of using brands in bad faith within the domain name system, continued to be the most prevalent form of brand abuse. In addition, phish attacks reached a new record high with 565,502 attacks in 2009, growing 62 percent over 2008.

Frederick Felman, chief marketing officer of MarkMonitor, says that scammers are continually seeking new methods of monetizing traffic, and believes brands face a growing and pervasive problem from online abuse. “With billions of dollars worth of eCommerce sales, intellectual property and online marketing investments at stake, companies need to take proactive roles in fighting brand abuse online now more than ever,” he says.

Safety measures are improving, but are not failsafe. Last month the Online Trust Alliance (OTA) declared the majority of consumer websites remain vulnerable to online fraud, even as a growing number of businesses deploy online safety measures. In its annual survey of best practices meant to help protect consumers from the onslaught of forged email, phishing sites and malware, the organization determined of the 1,200 companies analyzed, only 113 qualified to be named to the OTA Online Safety 2010 Honor Roll

The survey examined 1,200 domains and analyzed 500 million email messages purporting to come from the Fortune 500, Internet Retail 500, top 100 financial Institutions in North America and consumer facing federal government websites. Sites were evaluated based on their usage of email authentication standards and Extended Validation SSL Certificates (EV SSL) and the presence of malware.

“While major corporations, banks, governmental agencies and industry working groups talk about best practices, the majority are failing to adopt, risking demands for added regulations,” warns Craig Spiezle, executive director and president of the OTA.

OTA is calling on all consumer financial institutions, commerce sites and consumer facing governmental agencies to implement EV SSL certificates, email authentication and complete daily site scans for malware and vulnerabilities by September 1, 2010.

While OTA focuses on the largest of those industries noted above, the lessons learned can be applied to all businesses, be it business-to-business, or business-to-consumer, and of any size. The lesson is this: take care of your online business, protect your brand, and protect those visiting your site with a solid security policy. No business can flourish without the trust of those that frequent your site.

 

=

Eye on Messaging is written by Stephanie Jordan, editor in chief of Messaging News. If you have story ideas or news to share, email her: sjordan [at] messagingnews [dot] com

Published May 13, 2010