|
First Phishing... Now Kiting
A new form of brandjacking, called domain kiting, takes advantage of ICANN loophole. by Amy Rogers Nazarov
You're painfully aware that your organization's brand could take a big hit if your network defenses are penetrated and personal information is compromised.
However, your brand may also be tarnished if crooks pretending to be your company divert prospects from the Web domains you've purchased and sites you've spent countless resources building, or if they pose as representatives of your company on the phone.
Phishing is among the most egregious forms of so-called brandjacking. Domain kiting, also known as tasting--which takes advantage of ICANN's five-day period to repeatedly register for a free domain that may incorporate a well-known brand--is another popular form of brand abuse cooked up by the bad guys.
Any organization with licensed domain names must be vigilant in defending them from misuse, something Del Ross, vice president for distribution marketing for InterContinental Hotels Group's Americas division, knows all too well. Ross and six colleagues chase through cyberspace looking for those who help themselves to variants of IHG's well-known brands--Holiday Inn and Crowne Plaza Hotels--to bring a veneer of legitimacy to their Web machinations.
From the bogus domain www.crownplaza.com (note the misspelling), which steered would-be hotel patrons to a porn site, to intermediary sites (such as holidayinn-reservations.net) hoping to earn a percentage of an actual room booking, threats to IHG's brands--and its more than 3,500 registered domain names--crop up constantly, Ross says.
While Ross is not sure that customers would view IHG's brands in a negative light if they stumbled onto a rogue site, "I just don't think we want to take that chance. I can't imagine that it helps us, guests having that experience."
Kiting and phishing and their low-tech equivalents "all take a good brand and siphon traffic away," says Frederick Felman, chief marketing officer at Mark-Monitor, a San Francisco-based company that specializes in domain management, antiphishing and trademark-protection services. "These things interrupt a consumer's ability to trust," he says. IHG is among MarkMonitor's clients.
Organizations must continue to pay attention to low-tech forms of brandjacking, such as phone calls soliciting donations. Beverly Magda, CIO of the Humane Society of the U.S., says that educating would-be donors about the pitfalls of phone solicitations must be ongoing in tandem with online education efforts. If a caller says he's a Humane Society representative calling about your donation, yet "coming to you with a [full or partial] credit card number, it needs to raise a red flag," she says.
The good news is that some consumers are successfully separating the brands they trust from the tricks crooks deploy to pry loose private information.
Allison Fouts, a legal assistant from Reston, Va., says that a suspicious call from someone purporting to be from Amazon.com sent her straight to her computer, where she took several defensive measures, and her phone, which she used to report the call to Amazon's customer service.
"[The call] was the impetus I needed to change all my online passwords" and replace a credit card, she says. While Fouts opted against using Amazon for several months thereafter, eventually she did place another order with the e-commerce giant. What made her feel comfortable about going back? "Nothing bad happened, and the fear that it might wore off."
|
