For smarter enforcement, determine your infringer’s intent

There’s no question that intellectual property is at stake online. The question is how it’s being compromised.

Infringements, malware, phishing – one thing these threats have in common is that they leverage your brand equity. To defend yourself against this shapeshifter, you’ll need to understand your attacker’s intent – are they out to siphon your money, or your traffic?

Is it the brand they’re after?

Brand reputation can be influenced by many factors. The inevitable exposure that comes with doing business online heightens the risk to both an organization’s reputation and to its security. Damage to reputation, lost revenue and increased operating costs are just a few possible impacts.

Online threats and misuse of intellectual property can take on different forms depending on intent, whether it be brand infringement or malicious threats.

Brand infringements can be defined as unauthorized use of intellectual property for the primary purpose of diverting traffic through brand impersonation or false affiliation. These threats generally take the form of traffic diversion, false association, non-phishing brand impersonation, cybersquatting, brand and logo confusion, partner compliance, and keyword hijacking.

The impact of this type of threat is reduced traffic and potentially lost revenue, brand confusion, and a blow to the organization’s reputation.

Example of a brand impersonation website

Or is it the money?

Malicious threats often take the form of phishing fraud activity when targeting a branded organization. Phishing fraud is also the unauthorized use of intellectual property, with the intent to illegally obtain money or data.

This typically takes the form of brand impersonation for consumer phishing, vishing (phone impersonation), smishing/SMS text phishing, malware distribution, business email compromise (BEC) scams and employee spearphishing for the purpose of phishing to steal credentials, money, or data, or delivering malware or other email-based scams. The impact of phishing to the organization is primarily monetary in relation to financial losses suffered by consumer victims but can also result in brand distrust.

Image 2018 09 05 17 56 06Example of website phishing

Detecting online threats requires multiple types of data feeds. Domain zone files, search engine, social media and mobile app marketplaces tend to be rich detection avenues for brand infringing online threats. Phishing fraud is more typically found in email feeds, customer web server logs or abuse inboxes, DMARC quarantined URL feeds, and domain zone files as well.

Determining intent is paramount to utilizing best practices for a quick, efficient enforcement. When phishing fraud activity can be proven from content or email-based evidence, a phishing fraud enforcement is generally going to be quicker. When there is no malicious intent, then enforcement relies on the misuse of the intellectual property and responses can take longer.

You can take action to mitigate threats against your business online. Join our “Brand and AntiFraud Enforcement Strategies” webinar as experts review strategies that will make a big difference in your protection program.