Endpoint
12/10/2012
12:48 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Biggest U.K. Brands Failing To Protect Their Customers From Online Fraud, New Research Find

A mere 6 percent of home pages included some sort of site validation

Research released today raises worrying questions about the current ability of online retailers to protect their customers from the threat of online fraud.

The research, conducted by online brand protection specialists Global Brands Protection Ltd in November 2012, tested the websites of 100 of our most popular high street retailers, including John Lewis, French Connection and Debenhams, to assess how well their assets were protected online. Key components examined included the company logo, product images, trustmarks and payment pages – in other words, those items that a would-be criminal would require to give their fraudulent site a legitimate appearance to online shoppers.

Key findings for the top 100 brands investigated include:

· 61 per cent of logos and 84 per cent of main images are unprotected

· A mere 6 per cent of homepages included some sort of site validation. In addition, only 15 per cent featured a validation system on their payment pages

· Accreditation and trustmarks were either entirely absent or unsecured

Marc Howard, co-founder of Global Brands Protection Ltd, said: “The results were somewhat astounding. Of the 100 sites we assessed, a mere 39 had seemingly taken any steps at all to protect the assets on their websites. Fully 84 per cent had product images that could be taken and the payment pages of 85 per cent were unvalidated. Essentially what this amounts to is the perfect recipe for online fraud. Using basic site scraping tools it’s possible to create a mirror image of a site using logos, the product images, and any other items that a consumer might look to for reassurance, such as validation marks. By leaving key elements of their sites unprotected, they are incredibly vulnerable to copycat sites. In most circumstances, a brand only becomes aware of a problem when consumers report that they have been ripped off.”

Images and logos can be taken in seconds either manually or by automated software. From the simple ‘right-click’ facility to take images, to sophisticated web-scrapers, which are freely available on the internet, criminals can download all the images on genuine sites to give them the collateral to build fake websites. At present, once an image has been removed from a genuine website, it is extremely difficult, and often impossible, even with current search tools, to find out who is using a brand’s images, where they are being used and for what purpose, legitimate or otherwise.

Danny Howard, co-founder of Global Brands Protection Ltd, added: “The research revealed that although many top brands are concerned about online security, a lot more could be done. Gold stars go to Burberry and Footlocker, who have clearly made attempts to secure their IP online, but in general, the results are dismal. Online scams and fraudulent sites are becoming more sophisticated by the day, making it difficult for even the savviest shoppers to discern illegitimate sites from genuine. As many as one in five online shoppers on the lookout for a bargain inadvertently find themselves lumbered with fraudulent product[1], and often nothing at all. Taking into account that online retailers are in line for a bumper Christmas this year, with UK consumers expected to spend £4.6 billion online during the first two weeks of December[2], there’s a great deal at stake.”

“Tackling online fraud is an ongoing arms race against the ever more sophisticated use of technology. However, some relatively simple steps can be taken by retailers operating online to prevent their identities being stolen and used fraudulently,” Marc concluded.

[1] https://www.markmonitor.com/download/report/MarkMonitor_Shopping_Report-2012.pdf

[2] http://www.guardian.co.uk/money/2012/nov/12/online-retailers-expect-bumper-christmas

-ENDS-

Notes to editors

About Global Brands Protection Ltd.

Global Brands Protection Ltd. (GBP) was established in 2011 to provide proven solutions to protect brand identity online. GBP Ltd. provides systems to help businesses control and manage their intellectual property and brand assets online.

As a worldwide solution provider GBP Ltd. offers corporations some of the most advanced online protection software in the marketplace.

For more information, please visit: http://www.globalbrandsprotection.com/

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4807
Published: 2014-11-22
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.

CVE-2014-6183
Published: 2014-11-22
IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVE-2014-8626
Published: 2014-11-22
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding...

CVE-2014-8710
Published: 2014-11-22
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

CVE-2014-8711
Published: 2014-11-22
Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?