Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/20/2007
02:47 AM
50%
50%

MarkMonitor: Phishers Increase 'Brandjacking'

MarkMonitor Brandjacking Index exposes online scams that threaten top pharmaceutical brands and hurt consumers

SAN FRANCISCO -- MarkMonitor®, the global leader in enterprise brand protection, today released the Summer 2007 Brandjacking Index™, reporting that online scammers increasingly abuse the top-ranked brands and endanger consumers by selling questionable prescription drugs through dubious online pharmacies. In the case of prescription drug sites that sell the most popular brands, the report showed the majority operate without proper credentials and lack even the most basic e-commerce security features, risking customers’ health and putting their personal information at risk.

“The data shows brandjackers are profoundly exploiting brands, using increasingly sophisticated tactics, and, in the case of the pharmaceutical industry, posing an outright danger to consumers through questionable practices that indicate counterfeiting and gray markets,” said Irfan Salim, president and chief executive officer of MarkMonitor. “Caveat emptor on the part of consumers is not a sufficient response to the depredations of online scammers and thieves; brand holders must shoulder the responsibility of protecting their brands online from the highly-developed and ever-evolving threats that brandjackers pose.”

The quarterly MarkMonitor Brandjacking Index is an independent report that measures the effect of online threats to brands and investigates trends, including drilled-down analysis of how the most popular brands are abused online and the industries in which abuse is causing the most damage. In addition to ongoing tracking of 30 leading brands as identified by Interbrand, the summer report includes a research focus on online abuses of pharmaceutical brands, including an investigation of the counterfeit/gray market for popular prescription drugs.

The report’s drug and online channel abuse data for the online pharmaceutical market is based on six leading drug brands: three of the highest ranking drug products according to the “Top 200 Brands for 2006 by US Sales” study by Drugs.com and three of the most frequently searched drug products online.

Following are select findings from the MarkMonitor Summer 2007 Brandjacking Index:

Online sales of fake, expired or gray-market drugs are big business and illicit practices breed health and security risks

  • Of the 3,160 online pharmacies studied, only four are accredited as Verified Internet Pharmacy Practice Sites (VIPPS), the industry credential that assures consumers of legitimate online pharmacy operations.
  • 10 percent of the online pharmacies studied clearly state no prescription is required to purchase the drugs.
  • 59% of these 3,160 pharmacies were hosted in the United States, followed by the United Kingdom which hosted 18% of the pharmacies.
  • More than 50 percent of them do not secure customer data, putting consumers’ identity information at risk. The majority does not use SSL encryption and more than 20 percent of post-purchase emails captured in the MarkMonitor analysis contained links to unencrypted customer data.
  • One-third of the online pharmacies in the study generate enough traffic to merit an Alexa ranking. Each of these sites sees an average of 32,000 visitors daily. Using industry statistics for traffic conversion and average order sizes, MarkMonitor estimates that this traffic converts to $4 billion in annual sales for the six drug brands studied.
  • Representative sampling of pricing for one popular drug brand shows an average of $10.85 for VIPPS-accredited sites in contrast to an average price of $2.72 for non-accredited sites. These deep discounts are significantly higher than the known channel allowance and strongly point to questionable drug products.
  • Exchange sites that sell pharmaceuticals in bulk quantities by the pill risk corrupting the overall drug supply chain by injecting potentially phony and dangerous medications into the market. Analysis of just 21 exchange/trade sites shows 75 million individual pills available for sale for the six drug brands studied, which, according to conservative estimates, equals a $150 million wholesale market for those six brands alone.
  • 31 percent of exchange site listings originated in China followed by 26 percent in the United States and 19 percent in India.

“Criminals around the world continue to show a remarkable degree of adaptability and flexibility as they take advantage of the Internet to hijack well-known brands to steal funds, rob identities, launch major profit centers for counterfeit and gray-market goods and conduct other nefarious activities,” said Frederick Felman, chief marketing officer for MarkMonitor. “Brand holders are left with the incredible burden of preserving the integrity of their brand on the Internet to protect their reputations, revenues and customers.”

MarkMonitor

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26077
PUBLISHED: 2021-05-10
Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring...
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.