

Whitepaper

At the worst extreme, phishing schemes can become identity theft, a catch-all term for crimes involving the illegal use of another individual’s information. Culprits can take over all the personal information related to an individual, including social security number, accounts and passwords, and credit card information, and in doing so gain access to electronic funds. Both Javelin Research and the most recent FTC report estimate that identity theft has become a $45 billion-a-year problem in the U.S. alone.

Financial loss from criminal activity is only part of the equation. Increasingly, the government and financial institutions are becoming worried about the more insidious forms of attack on corporate names and reputations. Hence, newfound importance is being attached to an institution’s reputation and how potential risks can be mitigated.

For example, if a customer logs on to an unauthorized Web site that falsely uses the name, logo, trademark or online brand belonging to that institution, it can result in a range of unintended consequences, mislead consumers and expose an organization to new forms of liability. Possible scenarios include the following:

  • Financial information. Someone uploads false financial data to an electronic information service provider such as Google, MSN or Yahoo, and then puts a hedge play against their stock, or publishes damaging information that may divert investment from that stock.
  • Job listings. Employment advertisements on job boards use recognized institutional names to capture identity data from prospective job applicants, including names, addresses, e-mail accounts, social security numbers and driver’s licenses.
  • Online survey. Fake e-mails sent from a Web site imitating a consumer research organization lure recipients to a location which triggers malware. The malware turns the user’s machine into a “zombie” or “robot” (where it surrenders control to another computer), and the machine is forced to send out spam e-mails that may further propagate the malware.
  • Financial services. An investment vehicle from a consumer’s favorite financial institution may have nothing to do with that institution; it could be a link to a third-party Web site that is targeting the institution’s customer base.

The threats are varied and often escape detection. In each case, a major institution’s reputation is compromised and a customer is misled or defrauded. Please keep in mind that these threats can also affect both non-online customers and non-customers such as investors. While threats come in a variety of forms, most represent some form of “unauthorized linking”, the practice of trying to look legitimate or benefit from an association with an institution through improper use of a corporate logo or trademark. In many cases, the unauthorized use of a logo or trademark is innocuous; it could be a charity wishing to thank its corporate sponsor.

This false link, however, could also transport a customer to a link devoted to a competitor’s Web site, and that customer would never know it. Even worse, consumer traffic can be diverted from its intended destination and be falsely connected to illegal or offensive activities, such as pornography and gambling.

Last summer, the U.S. Federal Deposit Insurance Corp. issued Financial Institution Letter (FIL 72-2007) titled “Best Practices for Preventing and Detecting Child Pornography from the Financial Coalition against Child Pornography”. The letter warns of what could happen in the extreme. Referring to the activity of “remote merchant capture”, it essentially advises institutions to get to know their online customers, to practice due diligence on each merchant (defined as any business entity that has an online retail operation) and then to review all online Web sites and links before engaging that merchant’s business.

Adding new customers online carries its own risks, and increasingly, financial institutions will be called on to not only verify the legitimacy of each customer’s business but to potentially detect undesirable customers. The implication is clear: If financial institutions take on the wrong customer, not only could they be propagating a crime, they could do irreparable harm to their business.

© BDProtect Inc. 2008