markmonitor.com

Website seals of approval – can you trust them?

July 22, 2010 – 10:32 am by Teresa Chen

The abuse of well-known seals of approval seems to be the latest ruse used by online fraudsters. Leveraging reputable names that existed long before anyone heard of the Internet is a glaring reminder that even trustworthy seals are not off limits to scammers. In fact, linking to reliable sources of reviews and certification is proving to be an essential part of any fraud strategy today.

A recent string of fake websites tricking car shoppers serves as the latest example. America Auto Sales, a glitzy site listing used cars at discounted prices, appeared to be an authentic channel where many consumers could find great deals on previously owned vehicles. The website not only held an extensive inventory of repossessed cars, but seemed to be ‘certified’ with reviews from reputable sources.  America Auto Sales even had an “A” rating with the Better Business Bureau (BBB), a longstanding goldmine on business reliability.

And so the story goes – the website turned out to be a scam, in yet another case where gullible victims fall prey to the bad guys. Sadly, online buyers lost thousands of dollars and the authorized dealerships were left to deal with the aftermath. The real America Auto Sales was slammed with over 1000 customer calls as a result of stolen identity.

Sure, we’re all aware of the customary tricks used to steal a company’s identity, as is evident in this story. What’s interesting is that scammers now use trusted authentication services such as BBB to further deceive unsuspecting victims. We’ve seen this type of behavior in other industries as well, such as online pharmaceuticals. On numerous occasions, illicit online pharmacies sport a Verified Internet Pharmacy Practice Sites (VIPPS) certification, a program governed by the National Association of Boards of Pharmacy to ensure the legitimacy of online pharmacies. Many consumers use the VIPPS certification to confirm the validity of pharmacies to shop safely for pharmaceuticals online. However, similar to the online auto scams, fraudsters are plastering the VIPPS seal onto their fake websites, implying a false association to fake their credentials.

Fraudsters are smart. They will do whatever it takes and are clearly not above usurping seals of approval. This is where consumer education comes into play, as it serves as the first line of defense against any fraud and deception. Most recently, BBB posted an article highlighting best practices to red-flag fraudulent websites. These types of best practices enable consumers to make well-informed decisions and ultimately avoid rip-offs like the recent car scams. They serve as a complementary and critical component of any brand protection strategy. Whether it’s educating consumers on how to verify online pharmacies or on how to tell the difference between a counterfeit coupon and an authentic one, consumers need to be equipped with the best information to outsmart the fraudster.


Top Ten New gTLD Gotchas

July 15, 2010 – 2:32 pm by Elisa Cooper

With the launch of new gTLDs expected to occur early next year, many are closely examining the opportunities and risks associated with ICANN’s Program.

Although still in draft format and subject to change, keep these gotchas in mind as you think through your strategy. 

A 70% Refund Sounds Great – If you decide not to move forward with your new gTLD application after its initial posting, you are eligible to receive a 70% refund. But because the application fee is $185,000, pulling an application from the process will still result in a cost of $50,000. 

You’ll Need to Move Quickly to Object to Applications that Pass the Initial Evaluation – Objections to new gTLD applications can be made as soon as they are posted to the ICANN site for a period of approximately five months. However, you will only have two weeks to file objections once the Initial Evaluation results are made available.

Obtaining a New gTLD Could Take 19 Months – If you fail the Initial Evaluation, if your application is disputed, and if there is string contention, even the Guidebook says it could take up to 19 months before your new gTLD is delegated. 

Trademark Clearinghouse Only Simplifies Trademark Sunrises – In the past, Registries have relied upon Trademark Sunrises to help recoup their internal start-up costs. With the Trademark Clearinghouse, Registries will no longer be able to charge exorbitant Trademark validation fees. This does not mean, however, that other Sunrise periods won’t also be instated. Be prepared for the submission of business registration requirements, local presence requirements, and proof of industry trade association membership, along with additional fees for validation.

The Uniform Rapid Suspension (URS) May Be More Work than It’s Worth – When the Implementation Recommendation Team originally devised the URS, it was supposed to be a quick, easy and inexpensive method for dealing with clearly infringing domains. As it stands now though, it isn’t any of those things. Domains that are successfully suspended as a result of the URS procedure are only suspended for the remainder of their registration term, or for an additional year at current market registration rates. After suspension ends, domains become available for registration and are likely to be registered again resulting in a never-ending cycle of watching and suspending. 

Registry Services Should Not Be Taken Lightly – Registries are responsible for running their TLDs in a stable and secure manner, complying with ICANN’s consensus and temporary policies, implementing start-up and post-launch rights protection mechanisms, providing protection for country and territory names, depositing data into escrow, delivering monthly reports to ICANN, hosting a Whois service, maintaining relationships with ICANN-accredited Registrars, maintaining an abuse point of contact, cooperating with contractual compliance audits, making TLD zone files available, and enabling DNSSEC.

Your Relationship with ICANN Could Be More Solid Than Many Marriages – That’s right – when you apply for a new gTLD, be prepared for a 10-year commitment. 

You’ll Need to Prepare for the Worst – To obtain a new gTLD, not only will you need to define its mission and purpose, develop financial plans, and describe technical and operational capabilities, but you will also be required to maintain a continued operations instrument sufficient to fund basic operations for a period of three years which would continue in place for five years after the delegation of the registry AND you must also have a continuity plan in place which includes the designation of a transition provider. 

New Registrations Won’t Likely Be Available Until Late 2011 / Early 2012 – Even if applications are accepted early next year, even in the best case scenario, it will still be some time before we actually see new gTLDs in the root. 

The ICANN Board Still Needs to Approve All Applications – Even after the numerous reviews by the String Similarity Panel, the DNS Stability Panel, the Geographical Names Panel, the Technical Evaluation Panel, the Financial Evaluation Panel and the Registry Service Technical Evaluation Panel, at the end of the day – entry into any Registry agreement by ICANN must first be approved by the ICANN Board of Directors.


Phish Hosted for Free

June 24, 2010 – 3:54 pm by Joshua Lin

Since March 2010, and especially this month, the MarkMonitor Security Operations Center (SOC) has noticed a significant increase in the use of free web hosting services for phishing and malware attacks.  Cybercriminals are using free hosting services to either host the phishing and malware sites themselves or redirect to fast-flux malicious sites.

Here is how this new attack method works: Emails with links, obfuscated by the use of HTML or a URL shortening service, direct victims to a free-hosted web page. In some cases, this page is itself a phishing or malware site. In other cases, the landing page contains JavaScript that seamlessly redirects users to a malicious site hosted on a fast-flux botnet.

The free hosting-fast-flux combination is particularly interesting because it indicates cybercriminals have added another, front-end layer to their fraud infrastructure for greater stealth and resilience:

  • Layer 1: Free-hosted webpages with JavaScript redirectors
  • Layer 2: Constantly changing compromised PCs that serve as proxy redirectors
  • Layer 3: Phish or malware domains

The SOC believes free hosting services are becoming popular with cybercriminals because these services give cybercriminals unlimited free resources to launch their attacks and to protect their expensive fast-flux infrastructures.

In addition, cybercriminals are able to set up malicious sites on free hosting services much more easily than registering malicious sites with ISPs or registrars.  Typically, cybercriminals would register their malicious sites using stolen credentials.  With free hosting services, cybercriminals may now open accounts and set up their malicious sites by simply using email addresses created on free email services.

MarkMonitor’s SOC believes that this new development of free hosting combined with fast-flux, especially as seen this month, is a tell-tale sign that something on a larger scale may occur this summer. The emergence of free hosting front-ends to fast-flux botnets may indicate that cybercriminals have been beta-testing their new attack infrastructure in recent months before a general release in August, the historical high point of phishing each year. Stay tuned …
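For defenders, the layered chain described in this post can be triaged from two observable signals: an off-site script redirect on a free-hosted landing page (Layer 1) and fast-flux DNS behaviour on the redirect target (Layer 2). The Python below is an added example, not MarkMonitor's tooling; the hosting suffixes, hostnames, DNS answers and thresholds are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Assumption: placeholder free-hosting suffixes, not a real provider list.
FREE_HOST_SUFFIXES = (".freehost.example", ".freesites.example")

# Client-side redirect idioms: location assignment, replace()/assign(), meta refresh.
REDIRECT_PATTERNS = [
    re.compile(r"""location(?:\.href)?\s*=\s*["']([^"']+)["']""", re.I),
    re.compile(r"""location\.(?:replace|assign)\(\s*["']([^"']+)["']""", re.I),
    re.compile(r"""<meta[^>]+http-equiv=["']?refresh["']?[^>]*url=([^"'>\s]+)""", re.I),
]


def is_free_hosted(url):
    host = (urlparse(url).hostname or "").lower()
    return host.endswith(FREE_HOST_SUFFIXES)


def offsite_redirects(page_url, html):
    """Layer 1: redirect targets whose host differs from the landing page's host."""
    page_host = (urlparse(page_url).hostname or "").lower()
    targets = []
    for pattern in REDIRECT_PATTERNS:
        for target in pattern.findall(html):
            host = (urlparse(target).hostname or "").lower()
            # Relative targets have no host and stay on the same site; skip them.
            if host and host != page_host and target not in targets:
                targets.append(target)
    return targets


def fast_flux_indicators(dns_answers, max_ttl=300, min_ips=5, min_networks=3):
    """Layer 2: dns_answers are (ip, ttl) pairs from repeated lookups of one name.

    Thresholds are illustrative assumptions, not values from the post.
    """
    ips = {ip for ip, _ in dns_answers}
    networks = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips}
    low_ttl = bool(dns_answers) and all(ttl <= max_ttl for _, ttl in dns_answers)
    suspect = low_ttl and len(ips) >= min_ips and len(networks) >= min_networks
    return {"distinct_ips": len(ips), "distinct_16s": len(networks),
            "low_ttl": low_ttl, "suspect": suspect}


def triage(page_url, html, dns_by_host):
    """Flag free-hosted landing pages that redirect off-site, with a flux verdict."""
    if not is_free_hosted(page_url):
        return []
    findings = []
    for target in offsite_redirects(page_url, html):
        answers = dns_by_host.get(urlparse(target).hostname, [])
        findings.append({"landing": page_url, "redirect": target,
                         "fast_flux_suspect": fast_flux_indicators(answers)["suspect"]})
    return findings


# Constructed sample data (reserved .example names and documentation IP ranges).
SAMPLE_URL = "http://acct-notice.freehost.example/index.html"
SAMPLE_HTML = """<html><body><script>
window.location = "http://login-update.example.net/secure/";
</script></body></html>"""
SAMPLE_DNS = {"login-update.example.net": [
    ("192.0.2.10", 120), ("198.51.100.4", 120), ("203.0.113.9", 180),
    ("192.0.2.77", 150), ("198.51.100.200", 120), ("203.0.113.150", 180),
]}

if __name__ == "__main__":
    for finding in triage(SAMPLE_URL, SAMPLE_HTML, SAMPLE_DNS):
        print(finding)
```

A finding with `fast_flux_suspect` set means the free-hosted page is only the front end, so a takedown request should cover both the hosting account and the redirect target's domain.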


Chanel’s Message On Fakes: We Take It Seriously & So Should You

June 24, 2010 – 11:34 am by Mary Roach

Chanel’s warning to counterfeiters: “we are watching and we are taking action.” That’s the literal message you will see when visiting around 40 websites that used to sell counterfeit goods (such as mychanelshop.com) that now redirect to the Chanel-owned website chanelreplica.com. These domains were transferred to Chanel as a result of a favorable decision rendered in May 2010 against two counterfeiters. Chanel has since leveraged these past infringing domain names to send a clear message to fraudsters: that stopping counterfeits is a top priority and that it will take legal action when necessary. At the bottom of chanelreplica.com, Chanel provides links to examples of past judgments against online counterfeit operators, letting them know that it will follow through on its promise to aggressively defend its brand.

Chanel also takes the opportunity to warn current and would-be counterfeiters by posting a copy of a lawsuit in progress on the websites named in the lawsuit. The lawsuit against Liu Zhixian and other unidentified defendants filed on April 10, 2010, for example, is posted on 11 websites, including chanel2u.com. Chanel has provided updates on subsequent orders and injunctions on these sites to let fraudsters know that Chanel is indeed serious about identifying these individuals and making them accountable while simultaneously sending a signal to other counterfeiters not to hijack its brand.

On the consumer front, Chanel creatively uses the recovered domains that now point to chanelreplica.com to educate consumers on why buying fakes is harmful to society as a whole (i.e., by supporting criminal and terrorist activity) and what risks they take on themselves (i.e., receiving poor quality goods with no chance of a refund or repair services). As a result, any consumer who may have visited these sites in the past now knows without any uncertainty that the products were fake, and will maybe even rethink buying fakes in the future. Chanel also takes aim at warning consumers about the downside of buying fakes online at fakechanel.com.

While its fight against counterfeiters is not yet over, Chanel is taking an innovative approach of leveraging past infringing websites to fight the fight. What impact this will eventually have is still to be determined, but if all counterfeit sites contained similar messages, counterfeit buyers and sellers alike would likely think twice about engaging in this illegal trade.


New Monthly Fraud Intelligence Report Now Available

June 21, 2010 – 1:09 pm by Joshua Lin

Beginning this month, MarkMonitor will be sharing a new, monthly Fraud Intelligence Report with customers and other interested parties in our blog. The goal of the report is to provide timely analysis of developing trends and new threats in the fraud landscape. The Fraud Intelligence Report will complement the current MarkMonitor analysis as provided in the semi-annual Brandjacking Index® reports and customer reports.

The headline findings of the April 2010 Fraud Intelligence Report are:

Phishing Attack Volume Continues to Grow

Phishing attack volume increased 33% to 36,557 attacks in April, continuing the growth trend from March; however, phishing attack volume has not returned to the level seen in April 2009.

Fewer Organizations Targeted

The number of targeted organizations decreased 9% to 270 in April, reversing a growth trend that began after December 2009, but the current level has returned to the level seen in April 2009.

Attacks per Organization Grow

Monthly attacks per organization grew 27% to 135 in April, suggesting a return to concentrated attacks on lucrative targets.

Payment Services Sector Continues as Most Popular Phishing Sector

The Payment Services sector was the primary sector favored by phishers, accounting for 41% of phish attacks in April. The Financial sector, historically the most popular phishing sector, accounted for 33% of phish attacks.

Social Network Phish Volume Declines

Phish targeting social networks declined 24% to 1,379 attacks in April, reversing the steep growth observed in March.

The US Continues to be Most Popular Phish Hosting Country

The US continued as the predominant country hosting phishing sites, accounting for 52% of phishing attacks in April. A notable new development was that Bulgaria grew almost 9,600% to jump from the #47 position to #2 and accounted for 6% of total phish.

An important trend underlying the above points is that phishers have shifted their primary attack vector from fast-flux botnets to hacked websites. Phishing attacks hosted on fast-flux botnets hide behind a cloud of rapidly changing proxies but ultimately present a single point of failure – the malicious domain. Cybercriminals registered domains for multiple fast-flux phishing attacks targeting many brands. But these domains, and the multiple phishing attacks they hosted, could be detected (often preemptively), Fraudcasted, and shut down in high volumes.

In the meantime, hacked website-based phishing attacks became more prevalent. In these attacks, cybercriminals compromise legitimate domains and host their phish attacks on the subdomains. This effectively removes the single point of failure in fast-flux phishing attacks – now there is no malicious domain to detect, Fraudcast, and shut down. From the fourth quarter of 2009 onwards, the MarkMonitor Security Operations Center observed a dramatic decline in phishing attacks hosted on fast-flux botnets and an equally dramatic rise in phishing attacks hosted on hacked websites.

Download the report here: MarkMonitor Fraud Intelligence Report, April 2010


ICANN Releases Fourth Version of the New gTLD Draft Applicant Guidebook

June 1, 2010 – 9:34 am by Elisa Cooper

A fourth draft of ICANN’s New gTLD Draft Applicant Guidebook has been released.

In addition to the Applicant Guidebook, ICANN has also published summaries and analysis of the public comment period.

The latest version includes:

  • Incorporation of trademark protections, including improvements to the Uniform Rapid Suspension (URS), the Trademark Clearinghouse (TM Clearinghouse), and the Post-Delegation Dispute Resolution Proposal (PDDRP);
  • Changes to rules for geographic TLDs, including a prohibition on country names as gTLDs;
  • A new gTLD Registry transition process model, including provisions for emergency transition in the case of prolonged Registry technical outages;
  • A model for providing centralized zone file access (ZFA) to aid in combating malicious conduct;
  • A revised base Registry agreement including proposed Registry-Registrar cross-ownership language.  

The Public Comment Period for the fourth version of the New gTLD Draft Applicant Guidebook is now open and will run through July 21, 2010.

MarkMonitor will monitor these developments closely and will follow-up with more detailed analysis and recommendations.


e-Book Piracy: The Next Big Threat?

May 25, 2010 – 5:58 pm by Mary Roach

According to a CNN article, in less than 24 hours following the September 2009 release of Dan Brown’s blockbuster novel The Lost Symbol, pirated versions were discovered on file sharing sites, such as RapidShare and BitTorrent. Within days, the book had been illegally downloaded more than 100,000 times. As of late October 2009, 166 illicit copies of The Lost Symbol were available on 11 sites.

Dan Brown’s novel is hardly the only fiction bestseller targeted by pirates. Stephenie Meyer’s Twilight books were reportedly the most downloaded fiction books on BitTorrent in 2009, being downloaded somewhere between 100,000 and 250,000 times. While none of J.K. Rowling’s Harry Potter books are officially available as e-books, pirates have scanned all of her books and converted them into PDF files which can be viewed on any e-book reader. All told, one-third of Publishers Weekly’s 2009 top 15 bestselling fiction books were found available for download.

For better or worse, pirates do not discriminate when it comes to book genre. In addition to bestsellers, pirates also make available illegal copies of textbooks, professional books (such as medical books and technical guides), business and investment books, and general fiction and non-fiction books.

What’s driving the uptick in e-book piracy? One plausible factor is the emergence and growing popularity of several e-book readers over the past couple of years. An interesting TorrentFreak study examined the impact of the recent iPad launch on the levels of e-book piracy. The study looked at the level of illegal downloads of e-books several days before and after the e-reader’s official launch on April 3, 2010. The study found that 6 of the top 10 bestselling business paperback books were in fact pirated, and that illegal downloads of these books grew 78% after the launch. (Curiously enough, the study did not find that any of the top 10 all-around best selling books were pirated at the time.) For example, illegal downloads of David Allen’s book Getting Things Done increased 57% after the launch from 277 to 435 per day. Downloads of Freakonomics jumped 140% from 187 to 381 after the launch.

While the surge in illegal downloads may seem staggering, the absolute volume of illegal e-book downloads is actually relatively small when compared to downloads of popular music and film releases, which can reach more than 1 million downloads in one week. A likely reason for this is that the installed base of e-readers is still relatively small when compared to the installed base of MP3 and DVD players. Another potential reason is that most books are not yet available as e-books, legally or not. Unlike other digital formats which take just minutes or a couple of hours to pirate, creating an illegal e-book can take hours upon hours to scan, convert to readable characters (via an OCR application) and proof, or for determined hackers, at least some effort to crack the DRM technology.

E-book piracy has indeed had some initial traction, but has not spun out of control – yet. Authors, publishers and book sellers still have an opportunity to get this right and have already taken several steps in the right direction, including offering legal e-books at an attractive price and making them convenient to access (as Apple did with music sales via its iTunes store). In tandem, the publishing industry should continue to aggressively defend its rights online by detecting and quickly responding to illegally hosted copies of their copyrighted works. Otherwise, it risks allowing e-book piracy to become firmly established and accepted by readers, which will be harder to address down the road.


New gTLD Survey Shows That Many Intend to Apply, But That the Majority Are Undecided

May 20, 2010 – 3:56 pm by Elisa Cooper

In a recent survey of MarkMonitor’s global corporate client base*, nearly 22% of respondents stated that their companies are intending to apply for a new gTLD.

Twenty-three percent stated that their companies did not intend to apply for a new gTLD, while more than 55% still did not know which route they would eventually take.

According to the survey results, of those planning to acquire a new gTLD, 69% said that they would be doing it for “defensive purposes only, to keep others from applying and with no immediate plans to use the new gTLD.”

When asked whether the introduction of new gTLDs would require increased efforts around the policing of brands on the Internet, a whopping 76% of respondents believed that it would.

These numbers can give some insight into how corporations are approaching new gTLDs, and clearly many have begun the process of working with the various stakeholder groups within their respective companies to identify whether or not a new gTLD makes sense.

However, a majority of the companies still have not yet decided what to do, which is worrisome, as the fourth draft guidebook is expected to be released in June of this year with a final version potentially released late this year or early next.

Given this relatively short timeline, companies should begin strategy development immediately. Every corporation will need to carefully assess the impacts, choose an offensive, defensive or combined strategy, and begin developing processes to execute that strategy.

For more information on new gTLDs, visit MarkMonitor’s dotBrand Resource Center.

 

* A total of 95 respondents participated in the survey


ICANN to Host Policy Development Webinar

May 7, 2010 – 3:23 pm by Elisa Cooper

On Thursday, May 20th, ICANN (Internet Corporation for Assigned Names and Numbers) is hosting a webinar to introduce newcomers to the world of ICANN and policy development. 

ICANN is dedicated to preserving the operational stability of the Internet; to promoting competition; to achieving broad representation of global Internet communities; and to developing policy appropriate to its mission through bottom-up, consensus-based processes. 

The webinar will provide an overview of ICANN, policy issues addressed by the organization, and the methods for doing so. 

The webinar is designed to help those new to ICANN understand how to become involved and how to shape the future of the Internet. 

For more information or to attend the session visit: http://www.icann.org/en/announcements/announcement-06may10-en.htm


IDN ccTLDs Appear on CNN

May 3, 2010 – 5:53 pm by Elisa Cooper

Last week, ICANN’s Tina Dam appeared on CNN’s “Quest Means Business” discussing the importance of IDN ccTLDs.

When asked whether having non-Latin domain names might contribute to greater confusion, Tina Dam stated that she did not see any reason why non-native speakers would need to access websites in other languages. Of course, I am sure that those protecting brands across the globe would beg to differ.

Additional information regarding the interview is available at CircleID.
