News Stay informed about the latest enterprise technology news and product updates.

Cybersquatters, phishers sharpen tactics for holiday season

Consumers may have a greater chance of getting scammed this holiday season thanks to cybsersquatters and phishers offering free gift cards and brand name items.

Cybersquatters and phishers have beefed up their tactics for the holiday season making it difficult for online shoppers and frustrating for many businesses, according to analysts at MarkMonitor, a firm that tracks company brand abuse on the Internet.

We're still seeing a fair amount of sponsored links across all of the online ad providers that are not from the brands they represent.
Frederick Felman,
chief marketing officerMarkMonitor

The company conducted a four week analysis in September to determine the state of brandjacking – a common problem brand names being abused on the Web.

Cybersquatting, the term used when a person hijacks a word or phrase using a Web domain to point to a site that isn't owned by the trademark owner is among MarkMonitor's top concerns headed into the holiday season. The practice rose 10% over the previous quarter and 20% year over year. It falls in line with expectations as the holiday season ramps up, said Frederick Felman, chief marketing officer of MarkMonitor.

"We're still seeing a fair amount of sponsored links across all of the online ad providers that are not from the brands they represent," Felman said.

Top retailers such as Walmart, Target and Toys R Us care about brand abuse because it often diverts traffic from their Web sites and ultimately could result in lower sales, Felman said. More importantly, a number of cybsersquatters and phishers are also scamming consumers by stealing personal information or failing to deliver goods, which does a lot of harm to a brand name, he said.

Phishing scams:
Attackers abusing trusted domain names: Researchers at Finjan Inc. say hackers are exploiting a loophole in the domain name registration process to circumvent Web site blockers and prolong the duration of their attacks.

Yahoo launches email tool to identify eBay, PayPal phishing
: Yahoo is introducing DomainKeys signature-based email authentication technology in an effort to cut down on phishing attacks using fake eBay and PayPal messages.

Report: Spam, phishing attacks growing more sophisticated: Security researchers at MessageLabs and Symantec are reporting a significant rise in more sophisticated botnet and phishing attacks, putting a stranglehold on corporate communications.

Phishers are also playing a role this holiday season. The company examined common spam messages and found that many phishers are praying on consumers with an offer for a free gift card if they fill out a form. Instead of getting a card, many forms request personal information such as birthdates and even Social Security Numbers, Felman said. Meanwhile counterfeit gift cards are making their way onto online auction sites such as Ebay, Felman said.

"Spammers do this for the money and they do the campaigns that deliver the money to them, so this tactic is working for them," Felman said.

Phishers are also targeting the retail and auction industries as they represent 39% of all phishing attacks. MarkMonitor is seeing a shift away from Ebay and PayPal as the most abused brands by phishers. Phishers are using larger financial firms and even social networks to trick consumers, Felman said.

Phish site deployment is also becoming more automated with the use of self-updating phishing kits sold on the black market. Fast flux DNS networks – the use of a quickly changing network to capitalize on hosted DNS to create more resilient phish sites is also on the rise, Felman said. The amount of phishing infrastructure for hire is also increasing, including botnet rentals and ISPs targeting illicit activity.

Felman said consumers should use strong unique passwords on sites that store sensitive information. He warned that consumers should never divulge information about themselves or their finances in exchange for goods or money.

Dig Deeper on Email and Messaging Threats-Information Security Threats

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.