12:48 PM
Dark Reading
Dark Reading
Products and Releases

Biggest U.K. Brands Failing To Protect Their Customers From Online Fraud, New Research Find

A mere 6 percent of home pages included some sort of site validation

Research released today raises worrying questions about the current ability of online retailers to protect their customers from the threat of online fraud.

The research, conducted by online brand protection specialists Global Brands Protection Ltd in November 2012, tested the websites of 100 of our most popular high street retailers, including John Lewis, French Connection and Debenhams, to assess how well their assets were protected online. Key components examined included the company logo, product images, trustmarks and payment pages – in other words, those items that a would-be criminal would require to give their fraudulent site a legitimate appearance to online shoppers.

Key findings for the top 100 brands investigated include:

· 61 per cent of logos and 84 per cent of main images are unprotected

· A mere 6 per cent of homepages included some sort of site validation. In addition, only 15 per cent featured a validation system on their payment pages

· Accreditation and trustmarks were either entirely absent or unsecured

Marc Howard, co-founder of Global Brands Protection Ltd, said: “The results were somewhat astounding. Of the 100 sites we assessed, a mere 39 had seemingly taken any steps at all to protect the assets on their websites. Fully 84 per cent had product images that could be taken and the payment pages of 85 per cent were unvalidated. Essentially what this amounts to is the perfect recipe for online fraud. Using basic site scraping tools it’s possible to create a mirror image of a site using logos, the product images, and any other items that a consumer might look to for reassurance, such as validation marks. By leaving key elements of their sites unprotected, they are incredibly vulnerable to copycat sites. In most circumstances, a brand only becomes aware of a problem when consumers report that they have been ripped off.”

Images and logos can be taken in seconds either manually or by automated software. From the simple ‘right-click’ facility to take images, to sophisticated web-scrapers, which are freely available on the internet, criminals can download all the images on genuine sites to give them the collateral to build fake websites. At present, once an image has been removed from a genuine website, it is extremely difficult, and often impossible, even with current search tools, to find out who is using a brand’s images, where they are being used and for what purpose, legitimate or otherwise.

Danny Howard, co-founder of Global Brands Protection Ltd, added: “The research revealed that although many top brands are concerned about online security, a lot more could be done. Gold stars go to Burberry and Footlocker, who have clearly made attempts to secure their IP online, but in general, the results are dismal. Online scams and fraudulent sites are becoming more sophisticated by the day, making it difficult for even the savviest shoppers to discern illegitimate sites from genuine. As many as one in five online shoppers on the lookout for a bargain inadvertently find themselves lumbered with fraudulent product[1], and often nothing at all. Taking into account that online retailers are in line for a bumper Christmas this year, with UK consumers expected to spend £4.6 billion online during the first two weeks of December[2], there’s a great deal at stake.”

“Tackling online fraud is an ongoing arms race against the ever more sophisticated use of technology. However, some relatively simple steps can be taken by retailers operating online to prevent their identities being stolen and used fraudulently,” Marc concluded.

[1] https://www.markmonitor.com/download/report/MarkMonitor_Shopping_Report-2012.pdf

[2] http://www.guardian.co.uk/money/2012/nov/12/online-retailers-expect-bumper-christmas


Notes to editors

About Global Brands Protection Ltd.

Global Brands Protection Ltd. (GBP) was established in 2011 to provide proven solutions to protect brand identity online. GBP Ltd. provides systems to help businesses control and manage their intellectual property and brand assets online.

As a worldwide solution provider GBP Ltd. offers corporations some of the most advanced online protection software in the marketplace.

For more information, please visit: http://www.globalbrandsprotection.com/

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.