Brand hijackers ready for the holidays

The holiday season doesn’t officially begin until next week, but fear not — just as your local big box retailers have been busy putting up their yuletide decorations ahead of Thanksgiving — phishers and other online fraudsters have been similarly preparing to cash-in on the annual consumer shopping binge.

According to the latest “brandjacking” report issued by researchers at MarkMonitor, which tracks the manner in which criminals are trying to piggyback their efforts on the images of legitimate businesses (think eBay phishing scams), the fraudster set is ramping up in preparation for the glut of Web-surfing newbs who dip their toes into the e-commerce waters over the next two months.

Based on the firm’s Autumn 2007 Brandjacking Index — which is focused on data that was gathered from approximately 134 million public Web domains over the course of calendar Q3 — phishing attacks carried out against retail brands jumped by 1,100 percent, compared to Q2 of this year.

In total, phishing campaigns involving retailers and online auction sites accounted for 39 percent of all attacks that MarkMonitor observed.

The United States continues to lead the world in the sheer volume of hosted phishing sites, at least as far as the researchers could tell, accounting for roughly 25 percent of the fraudulent URLs.

MarkMonitor researchers said that phishing techniques are also becoming more sophisticated, with increased use of so-called “rock phishing” tools used to manage multiple fraud sites. The criminals are also making their sites more resilient by using so-called fast flux networks — which include botnets armies of infected computers — to support their online operations.

Phishers also continue to serve as a hungry audience for botnets that are being made available for rent by their operators, the researchers said.

The company said that spam-based offers for retail gift cards are a favorite among phishers in 2007, with most trying to steal personal data of their targets.

It said that 33 percent of paid search listings it tested for major retail brands misdirected consumers to questionable Web sites that didn’t appear to be genuine.

Cyber-squatting, or the practice of launching URLs that attempt to lure end users by utilizing a legitimate company’s name, or a closely-derived iteration thereof, also continues to find favor among the cyber-criminal set.

According to the study, an average 484,251 accounts of online brand abuse were measured by the firm each week, including 342,512 instances of cyber-squatting, registration of unauthorized domain names containing a legitimate brand name, or which used marketing slogans or trademarks to which the site registrants had no discernable right.

MarkMonitor said that instances of cyber-squatting rose 19 percent during the quarter, compared to Q3 2006, and reported that the practice of “domain kiting” — or using the 5 day grace period allowed to URL registrants by ICANN to test the viability of their sites, which phishers and other fraudsters have used to launch short-lived attacks — rose by 48 percent during the third quarter.

In an interesting twist on the yearly holiday-phishing fiasco, MarkMonitor found that a relatively large number of unsavory individuals are also trying to sell toys via the Web that have recently been recalled by their manufacturers for issues related to the use of lead paint, and other defects.

The company estimates that 30 percent of online auctions for recalled toys continue to do business after the recalls have been announced, with 83 percent of all auctions for recalled toys coming from the U.S. — more than all other countries combined (so much for blaming China for the lead paint problem).

Even worse — from a consumer products industry perspective — is that 8 percent of the B2B exchange sites MarkMonitor tracked that sell toys are still listing recalled item for sale.

“The toy recall and gift card findings vividly demonstrate the contrast between how brands are protected in the Internet world vs. the physical,” Frederick Felman, chief marketing officer for MarkMonitor, noted in a report summary.

“Brand holders need to develop comprehensive and aggressive strategies to protect consumers who not only trust their names in stores, but in online venues as well; they also need to recognize the Internet has the potential to contaminate supply chains to brick and mortar vendors,” he said. “If brand holders don’t move aggressively, they put their customers, reputations and revenues at risk.”