Brand jacking, or the process of stealing the content or identity of a website (or any specific brand) to make the spammer’s site appear more legitimate and mislead the consumer, is becoming a popular way of stealing information and passwords.
Financial sites associated with online banking, brokerage, lending and financial services, or sites that directly support such a brand, make up around 84 per cent of the spoofed brands.
“Over time, there has been an increased frequency of attacks where bogus links are placed on otherwise legitimate websites. On clicking on these bogus links, users are consequently led to malicious pages hosted on a different domain that are built to mimic the legitimate sites. These prompt users to enter the username and password combination that would have been used on the original site. The username and password details can then be logged in with the intention of future fraudulent use,” said Ratnamala Dam Manna, head, Security Response, Symantec Corp.
Analysts caution that these attacks resemble phishing, except that instead of the malicious link being delivered via email, the link is “presented” on a well-known (and even reputable) website. Users need to be careful, especially those who share a common username and password for other sites like their online banking or brokerage accounts.
“Users rely on a particular brand and scammers take advantage of that to make profits. So, basically, instead of sending malware in the mail, the scammer sends content on why the mail is sent,” concurred Abhinav Karnwal, product marketing manager, APEC, Trend Micro.
It is the company’s reputation and revenues that take a beating in such cases as the scammer resorts to negative marketing while posing as the brand, noted Manna. “It is a case of once bitten, twice shy as the user may not click on the link even if it is genuine,” added Karnwal.
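A defender-side check for the pattern described above (a link on a legitimate page that names a trusted brand but leads to a different domain), as an added example that is not part of the original article. The brand keyword, the hosts and the sample HTML are constructed, and the keyword-to-host allowlist is an assumption about how a site owner would record which domains a brand really uses.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist: brand keyword -> hosts the brand really uses.
BRAND_HOSTS = {"examplebank": {"examplebank.example"}}

def host_matches(host, legit):
    """True if host is the legitimate host itself or a subdomain of it."""
    return host == legit or host.endswith("." + legit)

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def suspicious_brand_links(html, brands=BRAND_HOSTS):
    """Return (brand, href) for anchors that name a brand in their text or
    host but resolve to a host the brand does not own."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if not host:  # relative link: stays on the hosting site
            continue
        for brand, legit_hosts in brands.items():
            named = brand in text.lower().replace(" ", "") or brand in host
            if named and not any(host_matches(host, h) for h in legit_hosts):
                findings.append((brand, href))
    return findings

# Constructed sample of user-contributed content on an otherwise legitimate page.
SAMPLE = """<p><a href="https://www.examplebank.example/login">Example Bank login</a></p>
<p><a href="https://examplebank.example.secure-signin.example/login">ExampleBank online banking</a></p>
<p><a href="/forum/thread/42">Forum thread about ExampleBank fees</a></p>
<p><a href="https://news.example/markets">Market news</a></p>"""

if __name__ == "__main__":
    print(suspicious_brand_links(SAMPLE))
```

A finding is a candidate for review, not a verdict: a genuine third-party article that names the brand would also be listed.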


