Cybersquatters, phishers sharpen tactics for holiday season

By Robert Westervelt, News Editor 19 Nov 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Cybersquatters and phishers have beefed up their tactics for the holiday season making it difficult for online shoppers and frustrating for many businesses, according to analysts at MarkMonitor, a firm that tracks company brand abuse on the Internet.

We're still seeing a fair amount of sponsored links across all of the online ad providers that are not from the brands they represent. Frederick Felman, chief marketing officer, MarkMonitor

The company conducted a four week analysis in September to determine the state of brandjacking – a common problem brand names being abused on the Web.

Cybersquatting, the term used when a person hijacks a word or phrase using a Web domain to point to a site that isn't owned by the trademark owner is among MarkMonitor's top concerns headed into the holiday season. The practice rose 10% over the previous quarter and 20% year over year. It falls in line with expectations as the holiday season ramps up, said Frederick Felman, chief marketing officer of MarkMonitor.

"We're still seeing a fair amount of sponsored links across all of the online ad providers that are not from the brands they represent," Felman said.

Top retailers such as Walmart, Target and Toys R Us care about brand abuse because it often diverts traffic from their Web sites and ultimately could result in lower sales, Felman said. More importantly, a number of cybsersquatters and phishers are also scamming consumers by stealing personal information or failing to deliver goods, which does a lot of harm to a brand name, he said.

Phishing scams: Attackers abusing trusted domain names: Researchers at Finjan Inc. say hackers are exploiting a loophole in the domain name registration process to circumvent Web site blockers and prolong the duration of their attacks. Yahoo launches email tool to identify eBay, PayPal phishing: Yahoo is introducing DomainKeys signature-based email authentication technology in an effort to cut down on phishing attacks using fake eBay and PayPal messages. Report: Spam, phishing attacks growing more sophisticated: Security researchers at MessageLabs and Symantec are reporting a significant rise in more sophisticated botnet and phishing attacks, putting a stranglehold on corporate communications.

Phishers are also playing a role this holiday season. The company examined common spam messages and found that many phishers are praying on consumers with an offer for a free gift card if they fill out a form. Instead of getting a card, many forms request personal information such as birthdates and even Social Security Numbers, Felman said. Meanwhile counterfeit gift cards are making their way onto online auction sites such as Ebay, Felman said.

"Spammers do this for the money and they do the campaigns that deliver the money to them, so this tactic is working for them," Felman said.

Phishers are also targeting the retail and auction industries as they represent 39% of all phishing attacks. MarkMonitor is seeing a shift away from Ebay and PayPal as the most abused brands by phishers. Phishers are using larger financial firms and even social networks to trick consumers, Felman said.

Phish site deployment is also becoming more automated with the use of self-updating phishing kits sold on the black market. Fast flux DNS networks – the use of a quickly changing network to capitalize on hosted DNS to create more resilient phish sites is also on the rise, Felman said. The amount of phishing infrastructure for hire is also increasing, including botnet rentals and ISPs targeting illicit activity.

Felman said consumers should use strong unique passwords on sites that store sensitive information. He warned that consumers should never divulge information about themselves or their finances in exchange for goods or money.

Tags: Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Email and Messaging Threats (spam, phishing, instant messaging) Messaging security risks have upper hand on solutions Web-based attacks skyrocket, pirating sites surge, security firms say Pushdo botnet uses Facebook to spread malicious email attachment Scareware report highlights successful business model How to prevent phishing attacks with social engineering tests Phishing protection begins with training, antiphishing evangelist Phishing attacks to remain a major problem, say security experts Barracuda acquires Purewire expanding Web security reach FBI raids phishing crime ring, nearly 100 arrested Massive phishing scheme affects Microsoft Hotmail accounts Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CAPTCHA  (SearchSecurity.com) crimeware  (SearchSecurity.com) Operation Phish Phry  (SearchSecurity.com) pharming  (SearchSecurity.com) phishing  (SearchSecurity.com) Register of Known Spam Operations  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) Sender Policy Framework  (SearchSecurity.com) spam cocktail  (SearchSecurity.com) spear phishing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary