Endpoint
12/10/2012
12:48 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Biggest U.K. Brands Failing To Protect Their Customers From Online Fraud, New Research Find

A mere 6 percent of home pages included some sort of site validation

Research released today raises worrying questions about the current ability of online retailers to protect their customers from the threat of online fraud.

The research, conducted by online brand protection specialists Global Brands Protection Ltd in November 2012, tested the websites of 100 of our most popular high street retailers, including John Lewis, French Connection and Debenhams, to assess how well their assets were protected online. Key components examined included the company logo, product images, trustmarks and payment pages – in other words, those items that a would-be criminal would require to give their fraudulent site a legitimate appearance to online shoppers.

Key findings for the top 100 brands investigated include:

· 61 per cent of logos and 84 per cent of main images are unprotected

· A mere 6 per cent of homepages included some sort of site validation. In addition, only 15 per cent featured a validation system on their payment pages

· Accreditation and trustmarks were either entirely absent or unsecured

Marc Howard, co-founder of Global Brands Protection Ltd, said: “The results were somewhat astounding. Of the 100 sites we assessed, a mere 39 had seemingly taken any steps at all to protect the assets on their websites. Fully 84 per cent had product images that could be taken and the payment pages of 85 per cent were unvalidated. Essentially what this amounts to is the perfect recipe for online fraud. Using basic site scraping tools it’s possible to create a mirror image of a site using logos, the product images, and any other items that a consumer might look to for reassurance, such as validation marks. By leaving key elements of their sites unprotected, they are incredibly vulnerable to copycat sites. In most circumstances, a brand only becomes aware of a problem when consumers report that they have been ripped off.”

Images and logos can be taken in seconds either manually or by automated software. From the simple ‘right-click’ facility to take images, to sophisticated web-scrapers, which are freely available on the internet, criminals can download all the images on genuine sites to give them the collateral to build fake websites. At present, once an image has been removed from a genuine website, it is extremely difficult, and often impossible, even with current search tools, to find out who is using a brand’s images, where they are being used and for what purpose, legitimate or otherwise.

Danny Howard, co-founder of Global Brands Protection Ltd, added: “The research revealed that although many top brands are concerned about online security, a lot more could be done. Gold stars go to Burberry and Footlocker, who have clearly made attempts to secure their IP online, but in general, the results are dismal. Online scams and fraudulent sites are becoming more sophisticated by the day, making it difficult for even the savviest shoppers to discern illegitimate sites from genuine. As many as one in five online shoppers on the lookout for a bargain inadvertently find themselves lumbered with fraudulent product[1], and often nothing at all. Taking into account that online retailers are in line for a bumper Christmas this year, with UK consumers expected to spend £4.6 billion online during the first two weeks of December[2], there’s a great deal at stake.”

“Tackling online fraud is an ongoing arms race against the ever more sophisticated use of technology. However, some relatively simple steps can be taken by retailers operating online to prevent their identities being stolen and used fraudulently,” Marc concluded.

[1] https://www.markmonitor.com/download/report/MarkMonitor_Shopping_Report-2012.pdf

[2] http://www.guardian.co.uk/money/2012/nov/12/online-retailers-expect-bumper-christmas

-ENDS-

Notes to editors

About Global Brands Protection Ltd.

Global Brands Protection Ltd. (GBP) was established in 2011 to provide proven solutions to protect brand identity online. GBP Ltd. provides systems to help businesses control and manage their intellectual property and brand assets online.

As a worldwide solution provider GBP Ltd. offers corporations some of the most advanced online protection software in the marketplace.

For more information, please visit: http://www.globalbrandsprotection.com/

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2963
Published: 2014-07-10
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.

CVE-2014-3310
Published: 2014-07-10
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

CVE-2014-3311
Published: 2014-07-10
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

CVE-2014-3315
Published: 2014-07-10
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

CVE-2014-3316
Published: 2014-07-10
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.