Creativity is the power that drives innovation. It's too bad it also gives hackers and others with malicious intent a constantly growing box of tools for encroaching on your digital presence, using techniques that leverage your domain name and ultimately affect your brand and your reputation.
Looking across our entire customer base, we've found our customers have suffered not 2 or 3, but an average of 61 fraudulent domain and sub-domain encroachments that damage their digital presence. Such high numbers show a concerted and pervasive effort to damage companies and their brands.
What's at Risk?
Many executives, when thinking about and planning for defenses against cyber crime, rightly believe an attack will begin at the company's IT infrastructure, which will take time and money to repair. However, looking deeper, one quickly sees that an attack can do damage far beyond the technology domain if it is aimed at the company's public-facing assets, specifically the domain registrations around the globe that companies must make to support their business. Through the years these domains and sub-domains grow to the point that an inventory of registrations is hard to track and internal ownership becomes murky. Hackers exploit this process challenge to take advantage of your domains, which ultimately convey an aspect of your brand to the public. Recovery from attacks that target a company's brand can take years.
Over that recovery time the victimized firm may have to pay regulatory fines if, say, Protected Health Information (PHI) or Personally Identifiable Information (PII) is compromised. It may face litigation, including class-action suits and legal fees. The loss of intellectual property, premium increases for insurance covering cyber attacks, and even revenue loss due to the firm's tainted name in the marketplace are just a few of the damage scenarios digital impersonation using your domains often brings.
The Real Impact of Digital Impersonation
Working with clients across virtually every industry, we've found that hackers exploit your domain for many reasons. Some intend to directly harm the company, while others want to leverage a company's good name in the marketplace for their own financial gain.
Bad actors most often use fake pages and websites utilizing your domain to impersonate a company's brand. They can be designed with any number of intentions. However, all of them promise to give visitors the worst possible customer experience. Here are several of the most common issues we have found, although they are virtually limitless and are often built to attack a company's specific business model:
A fake website using the company's name tricks visitors into installing fraudulent software that delivers malware.
Such a site can direct visitors to illegal gambling or other unsavory sites.
Some fake sites carry the company name, but post a competitor's toll-free number, tricking visitors and siphoning away potential customers.
By impersonating a company's online Technical Support team, bad actors convince unsuspecting visitors to pay for “support” that is never delivered.
Some fake sites use the company name as a trick to bring more traffic to their sites, for instance, to produce more views of an advertisement, thereby generating ad revenue.
Many bogus sites are destinations for phishing attacks. Such sites have the precise look and feel of the company's real website, thereby tricking visitors into revealing login credentials and other private information.
*Distribution of DNS attack types and hacker motivations, based on our data
To the extent these illegal and fraudulent practices drive illegitimate revenue to malicious players, you can expect that digital impersonation will continue to grow. In addition, without the proper tools to detect and eliminate what is essentially digital identity theft, victimized companies would, at best, uncover only a small portion of these infringements on their good names and their brands.
A study by Deloitte (1) points out that the “triage period” following a cyber attack—the days or weeks after the attack is discovered—accounts for only a small percentage of the total recovery cost, often just a few percent of the total. On the other hand, losing customers, their goodwill and revenue that would have been collected through pre-attack contracts and buying arrangements could easily account for three-quarters of the total cost. And, those effects are typically felt over a period of years, not just a few weeks or months.
This Can Be Prevented
DAST (Discover, Assess, Secure, Test) is our service model for identifying and protecting against cyber attacks of many kinds, including domain name impersonation.
In the Discover phase Social Safeguard uncovers the company's legitimate assets and reveals fake and unauthorized presences and accounts.
The Assessment phase predicts new attacks and identifies areas of greatest exposure.
Securing known assets puts security in place, addressing both technology and processes.
Testing against simulated threats periodically ensures ongoing protection and the integrity of the company's digital identity.
The DAST model identifies the digital encroachment (fake domains) and fake accounts that target a company. It protects against attacks to your digital and social profiles. It gives companies the tools they need to avoid failures via a patented policy engine that supervises, reveals and monitors the company's digital and social media presence. Its archiving services deliver a thorough-going retention management system in which material collected across all channels is processed and maintained.
Whether you call it digital impersonation or digital identity theft, you can stop what's already happening and prevent it from happening in the future. If you're ready to learn more and see how your company may already be under attack, contact us today to request a free social media audit.
(1) Deloitte Consulting 2016 Cyber Report - Beneath the surface of a cyberattack. A deeper look at business impacts. https://www2.deloitte.com/content/dam/Deloitte/us/Documents/risk/us-risk-beneath-the-surface-of-a-cyber-attack.pdf