Phish Where The Phishers Are

Many brand holders face a daily battle against the cyber criminals, trying to stay one step ahead to ensure that their web traffic, revenues and, of course, customers are kept safe.  One of the hardest threats to protect against is phishing because it is an instant act.  The most comprehensive brand protection strategies can monitor the Internet 24x7 but often brand holders can only act on the information on a daily basis.  Phishing attacks can happen in an instant, and the nature of the Internet means that it often only takes one victim to give the cybercriminal a return on their investment.

Domain names can be registered in an instant, authentic looking websites can be designed in seconds and victims can be duped in a matter of minutes anywhere in the world.  Brand holders often fall victims to these attacks long after the damage has been done.  Reputation damage is as serious as a security attack on global brands.

However, it seems that brand holders may have overlooked something relatively simple in their defence against phishing attacks. San Francisco-based OpenDNS provides DNS-based security services to more than 10,000 organisations, processing more than 70 billion Internet request per day.  Their analysis into phishing attacks has unearthed that cyber criminals are prone to use the same keywords in registering their domain names for the attacks.

Director of Security at OpenDNS, Andrew Hay noted that the same patterns of words are used more commonly than others.  Keywords such as “security”, “billing” and “login” are often used with the brand name to give the impression of authenticity.  OpenDNS also noted that cyber criminals tend to use uncommon domain name registrars, unusual hosting locations and irregular Whois information.

What can brand holders do with this information?  For starters, any organisation that uses an online portal that requires secure login should protect their key brands and trademarks around these keywords.  This is especially important with the launch of the new gTLDs which offer a new level of opportunity for the cyber criminals.

Customer education is key to mitigate against the risk of customers falling victim to phishing attacks.  Investing in a programme that informs customers about the “real” digital assets is as important as protecting trademarks and patents.  Organisations may spend thousands on perimeter security for their web presence, securing login pages with Secure Socket Layer (SSL) and two-factor authentication.  But if customers do not know that, how will they know they are handing over their personal details to an illegitimate third party.

Using the research from OpenDNS is invaluable, but it should not be used as the only method of brand protection.  It should form part of the holistic strategy that also looks at logo abuse, affiliate monitoring and of course, counterfeit and marketplace detection.