Endpoint
12/10/2012
12:48 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Biggest U.K. Brands Failing To Protect Their Customers From Online Fraud, New Research Find

A mere 6 percent of home pages included some sort of site validation

Research released today raises worrying questions about the current ability of online retailers to protect their customers from the threat of online fraud.

The research, conducted by online brand protection specialists Global Brands Protection Ltd in November 2012, tested the websites of 100 of our most popular high street retailers, including John Lewis, French Connection and Debenhams, to assess how well their assets were protected online. Key components examined included the company logo, product images, trustmarks and payment pages – in other words, those items that a would-be criminal would require to give their fraudulent site a legitimate appearance to online shoppers.

Key findings for the top 100 brands investigated include:

· 61 per cent of logos and 84 per cent of main images are unprotected

· A mere 6 per cent of homepages included some sort of site validation. In addition, only 15 per cent featured a validation system on their payment pages

· Accreditation and trustmarks were either entirely absent or unsecured

Marc Howard, co-founder of Global Brands Protection Ltd, said: “The results were somewhat astounding. Of the 100 sites we assessed, a mere 39 had seemingly taken any steps at all to protect the assets on their websites. Fully 84 per cent had product images that could be taken and the payment pages of 85 per cent were unvalidated. Essentially what this amounts to is the perfect recipe for online fraud. Using basic site scraping tools it’s possible to create a mirror image of a site using logos, the product images, and any other items that a consumer might look to for reassurance, such as validation marks. By leaving key elements of their sites unprotected, they are incredibly vulnerable to copycat sites. In most circumstances, a brand only becomes aware of a problem when consumers report that they have been ripped off.”

Images and logos can be taken in seconds either manually or by automated software. From the simple ‘right-click’ facility to take images, to sophisticated web-scrapers, which are freely available on the internet, criminals can download all the images on genuine sites to give them the collateral to build fake websites. At present, once an image has been removed from a genuine website, it is extremely difficult, and often impossible, even with current search tools, to find out who is using a brand’s images, where they are being used and for what purpose, legitimate or otherwise.

Danny Howard, co-founder of Global Brands Protection Ltd, added: “The research revealed that although many top brands are concerned about online security, a lot more could be done. Gold stars go to Burberry and Footlocker, who have clearly made attempts to secure their IP online, but in general, the results are dismal. Online scams and fraudulent sites are becoming more sophisticated by the day, making it difficult for even the savviest shoppers to discern illegitimate sites from genuine. As many as one in five online shoppers on the lookout for a bargain inadvertently find themselves lumbered with fraudulent product[1], and often nothing at all. Taking into account that online retailers are in line for a bumper Christmas this year, with UK consumers expected to spend £4.6 billion online during the first two weeks of December[2], there’s a great deal at stake.”

“Tackling online fraud is an ongoing arms race against the ever more sophisticated use of technology. However, some relatively simple steps can be taken by retailers operating online to prevent their identities being stolen and used fraudulently,” Marc concluded.

[1] https://www.markmonitor.com/download/report/MarkMonitor_Shopping_Report-2012.pdf

[2] http://www.guardian.co.uk/money/2012/nov/12/online-retailers-expect-bumper-christmas

-ENDS-

Notes to editors

About Global Brands Protection Ltd.

Global Brands Protection Ltd. (GBP) was established in 2011 to provide proven solutions to protect brand identity online. GBP Ltd. provides systems to help businesses control and manage their intellectual property and brand assets online.

As a worldwide solution provider GBP Ltd. offers corporations some of the most advanced online protection software in the marketplace.

For more information, please visit: http://www.globalbrandsprotection.com/

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-6651
Published: 2014-07-31
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.

CVE-2014-2970
Published: 2014-07-31
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality ...

CVE-2014-3488
Published: 2014-07-31
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

CVE-2014-3554
Published: 2014-07-31
Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.

CVE-2014-5171
Published: 2014-07-31
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

Best of the Web
Dark Reading Radio