Do we know what we are clicking on when it comes to search?

Stuart Fuller

With the number of global Internet users rising every month as technology reaches even the most inaccessible areas of the world, the opportunity for organizations to reach new markets and new customers grows. It’s fair to say that access to the Internet will change the lives of the next generation, but at what cost? Unfortunately, for all of the opportunities that exist today – and will tomorrow – the threat landscape posed by those who see the Internet as a medium to conduct their illicit trade is also increasing.

Cyber-criminals take advantage of the simplicity of the way the Internet works by diverting legitimate web traffic to websites that contain material that at best is intellectual property abuse; at worst could prove deadly. Sadly, the easier we make the Internet experience, the easier it is for cyber-criminals to continue to ply their trade.

The speed and the cost of being able to register a domain name is a great example. We’ve seen one of the biggest growth spurts in the history of domain name registrations in the first part of 2016, as a number of domain registries offered pricing promotions where domains were available for just a few pence. For a cyber-criminal, the return on investment in using a domain name that infringes on a third party’s IP becomes too hard to resist. The barrier to entry for cyber-crime and intellectual property abuse disappears, and means that they may only need one victim to make a profit from a particular attack. The problem of cyber-squatting continues to be a major headache for brand holders as the new gTLD program rolls on, as many either haven’t engaged in the changes to the Internet or have no clear strategy to ensure their valuable digital assets are protected. The website nTLDStats.com currently shows almost 70,000 live domain names registered using new gTLDs that it believes are being used in an illegal way – either for fraudulent purposes or distributing malware.

One key approach brand holders can take is to try to educate their customers on some of these perils and give them a mechanism to report any suspicious activity they see online that’s related to their company or products. The Moral Strategy, as we have called it, is being used to great effect by global brands such as Ugg, Canon and J Barbour. By arming customers with the facts, those brands are effectively increasing their capability to monitor the web for infringements at virtually no cost. In return, customers’ trust in the brand increases as they can see that the company is sensible enough to realize and admit that bad actors are out there trying to divert customers and revenues away, and want to do something about it.

A study published by PwC in 2013 found that 31% of respondents had no idea that the products they had bought were counterfeit. Some of those consumers will have been duped by using websites that looked like the real thing and may have even used a domain name featuring the brand’s name. Cyber-criminals use exactly the same methods as genuine brand holders to capture Internet traffic, including using paid search.

There was a time when we could clearly distinguish between paid ads and natural search on Google. Earlier in 2016, the search giant removed the ads that used to appear on the right hand side of the search results page. Most people recognized these as the paid or sponsored ads. Then the text used in the ads that appeared at the top of the search page changed slightly – previously ads had a yellow label above them; now that appears in most instances as green, blending in with the rest of the text. These subtle changes have led to an increase in the number of search users being unable to distinguish between paid ads and natural search.

Although this suits the advertisers perfectly (as most web users have the same attitude towards ads as junk mail, spam or those unwanted accident-claim automated telephone calls), for the cyber-criminal it offers a way to legitimize the look and feel of an ad and potentially make it easier to divert genuine traffic onto their websites. A recent survey published by VARN underlines the dangers here, as it found that 55% of the web users it spoke to could not distinguish between organic and paid search results.

The findings in the report are deeply worrying for many people who see the Internet as their core channel to market. Although search organizations such as Google do investigate the background to advertisers (the ‘quality score’ approach), knowing that over 50% of the audience is unaware what they could be clicking on is a very worrying fact. Organizations need to have a strategy in place that allows them to understand who may be impersonating their brand in the search results for their key terms. Most Internet users don’t look closely at the URL being used; focusing more on title of the web page and the description of the content. That’s the weapon used by many cyber-criminals, knowing that if they use the same language as the genuine brand they will create trust and encourage the average web user to follow the URL to their illegitimate website.

The advice for brand holders remains the same – look to educate your online customers into how and where your brand, products and services can be found online. Provide a mechanism for them to report anything suspicious and, above all, invest in a brand protection monitoring program that can help identify infringing material, whether that’s through bad actors using paid search to divert traffic away, cyber-squatters registering infringing domain names, or websites that are clearing infringing and abusing your intellectual property.