Cybersquatters and phishers have beefed up their tactics for the holiday season making it difficult for online shoppers and frustrating for many businesses, according to analysts at MarkMonitor, a firm that tracks company brand abuse on the Internet.
The company conducted a four week analysis in September to determine the state of brandjacking – a common problem brand names being abused on the Web.
Cybersquatting, the term used when a person hijacks a word or phrase using a Web domain to point to a site that isn't owned by the trademark owner is among MarkMonitor's top concerns headed into the holiday season. The practice rose 10% over the previous quarter and 20% year over year. It falls in line with expectations as the holiday season ramps up, said Frederick Felman, chief marketing officer of MarkMonitor.
"We're still seeing a fair amount of sponsored links across all of the online ad providers that are not from the brands they represent," Felman said.
Top retailers such as Walmart, Target and Toys R Us care about brand abuse because it often diverts traffic from their Web sites and ultimately could result in lower sales, Felman said. More importantly, a number of cybsersquatters and phishers are also scamming consumers by stealing personal information or failing to deliver goods, which does a lot of harm to a brand name, he said.
Phishers are also playing a role this holiday season. The company examined common spam messages and found that many phishers are praying on consumers with an offer for a free gift card if they fill out a form. Instead of getting a card, many forms request personal information such as birthdates and even Social Security Numbers, Felman said. Meanwhile counterfeit gift cards are making their way onto online auction sites such as Ebay, Felman said.
"Spammers do this for the money and they do the campaigns that deliver the money to them, so this tactic is working for them," Felman said.
Phishers are also targeting the retail and auction industries as they represent 39% of all phishing attacks. MarkMonitor is seeing a shift away from Ebay and PayPal as the most abused brands by phishers. Phishers are using larger financial firms and even social networks to trick consumers, Felman said.
Phish site deployment is also becoming more automated with the use of self-updating phishing kits sold on the black market. Fast flux DNS networks – the use of a quickly changing network to capitalize on hosted DNS to create more resilient phish sites is also on the rise, Felman said. The amount of phishing infrastructure for hire is also increasing, including botnet rentals and ISPs targeting illicit activity.
Felman said consumers should use strong unique passwords on sites that store sensitive information. He warned that consumers should never divulge information about themselves or their finances in exchange for goods or money.