Latest Political Cyber Fraud: Warren Endorses Sanders??!  No... It's Fake. (She Remains Neutral)

Posted by Greg Mancusi-Ungaro

Sat, Mar 05, 2016

2016 Elections Project Update:  On Monday, just before the Super Tuesday Democratic Primaries, this "NY Times" article made the rounds on social media:

It wasn't legitimate.  And it wasn't a parody.  It was a fraud, pure and simple. 

News of this fake article exploded on Monday, sending the NY Times and many other news organizations scrambling to disavow the article and have it removed from the web. Within a few hours, it was gone. But the damage may have already been done - the article was shared over 50K times, including 15K Facebook shares.  It was probably viewed by hundreds of thousands of people across all kinds of social channels.  Enough to swing an election? Possibly!   

Read More

Topics: scam, brand abuse, Reputation Management, Social Media Monitoring, cyber threats, impersonation, CISO, threatSMART, 2016 Elections

Jeb Bush Has A Domain Problem.  Do You?

Posted by Greg Mancusi-Ungaro

Tue, Dec 08, 2015

That sound you hear is a bunch of the staffers at jeb2016.com (the official Jeb Bush website) trying to make it seem like they are on top of their web presence. Or is that the Trump team, laughing?  We can't be sure.  

The Washington Post reported yesterday that people who type "jebbush.com" into a browser found themselves redirected to Donald Trump's official site, donaldjtrump.com. You read that right -- one of the leading candidates for the Republican nomination for President of the United States has found himself on the wrong side of one of the most basic domain abuse issues. Someone else has registered a similar domain and is using it to confuse the public. Try it: jebbush.com (It's fun!)

Download the InfoGraphic

Yes, it's funny for a moment. But in reality it is very scary. In fact, it is potentially devastating.

The massive breach at Anthem earlier this year originated from spear phishing emails that were sent from domains that impersonated Anthem. The employees who recieved the emails did not notice that the emails originated from a rogue address. They unwittingly opened attachments or clicked on links that gave the attackers inside access to Anthem networks. 

Game over.

When others appropriate your web presence by registering or appropriating a similar or easily mistaken domain, they put themselves in a position to confuse your message, siphon revenues or worse. 

How big a problem can it be?...

Read More

Topics: Brand Protection, data breach, scam, brand abuse, Domain Management, cybersquatting, Phishing, gTLD, brandprotect, infographic, cyber threats, online risk, brandjacking, Health Care, OSINT, Jeb Bush, Legal, Spear Phishing, CISO, CSO, InfoSec, Donald Trump, 2016 Elections, Anthem, CMO

Threat Vendors are Going Mainstream:Extortion Is Their Business Model!

Posted by Greg Mancusi-Ungaro

Wed, May 27, 2015

I’m just back from a fantastic International Trademark Association (INTA) conference. It is exciting to spend a few days with the foremost practioners in trademark and IP world.  One of the most visible organization there was a registrar, Vox Populi Registrar, Inc., who owns the .SUCKS gTLD.   Their representatives, clad in bright blue and white, were merrily touring the floor, speaking with vendors and attendees, about how much business sense it made to a brand to purchase the .SUCKS domain.  There booth featured a continuous slide show of F500 brands,"using" the .SUCKs domain.  ibm.sucks; ford.sucks; starbucks.sucks. yourcompanyhere.sucks. Outside the conference hall, there were more blue-clad representatives, passing out .SUCKs items that were prohibited in the hall. The Vox Populi message was communicated clearly --  It only costs $2500/year to reserve this gTLD.
"Isn't that a small amount to pay to know that no one else uses it with your brand?..."

Read More

Topics: risk management, brand abuse, online brand protection, Reputation Management, INTA, trademark, intellectual property, Risk, gTLDs, cyber threats, Chief Security Officer, online risk, unauthorized associations

Why Social Media Risk Planning is Necessary for Brand Image

Posted by Natalie Gleba

Fri, Jul 11, 2014

It is no surprise that 84% of businesses have now adopted social media to implement an online presence to communicate with customers and overall, increase their brand reach [1]. Whether a small independent business or a large B2B company, it is more evident than ever that businesses who do not build and maintain an online social media presence will get left behind, and evidently lack competitiveness. Having a social media presence offers clear advantages for marketing and sales departments, however, with this comes the disadvantage of having increased social media risks that could potentially harm the company’s brand. Therefore, it is extremely important that businesses adopt a Social Media Risk Plan to manage their reputation online and know how to mitigate potential threats.

Read More

Topics: Brand Protection, risk management, defamatory, brand abuse, online brand protection, Reputation Management, Social Media Monitoring, employees social media, online identity, social media, Internet Threats, Risk, internet security, cyber threats

APWG Reports Phishing up 20%: Criminals Pose as Brands for Better Catch

Posted by Nick Stuparich

Fri, Mar 07, 2014

According to the APWG Q3 2013 Phishing Activity Trends Report, we saw a 20 percent increase in phishing with these attacks rapidly evolving and proliferating. This escalation is generally attributable to rising numbers of attacks against money-transfer and retail/e-commerce websites. As fraudsters escalate their online presence, business’ reputations are on the line. The report highlights the use of organizations’ names and logos as part of their phishing tactics, duping users into opening emails and clicking on links. The following chart indicates the number of unique phishing instances detected by the APWG (The Anti-Phishing Working Group).

Read More

Topics: brand abuse, Domain Management, Phishing, APWG

Target’s Once-Stellar Reputation Is In Trouble… Big Trouble

Posted by Adriana Tayraco

Mon, Jan 27, 2014

Earlier last week Jody Westby wrote a very insightful article for Forbes highlighting the lack of experience and expertise from most board members and CEOs when dealing with serious cyber risks. A great point is made when she remarks that “they [CEOs and board members] are beginning to realize that there are best practices for cyber governance, and this involves more than asking interesting questions now and then or accommodating an annual ten-minute IT report on the board agenda”.

Read More

Topics: risk management, hackers, brand abuse, online brand protection, security breach

Do You Know Who is Viewing Your LinkedIn Profile?

Posted by Rosemary Brkopac

Tue, Jan 14, 2014

A couple of days ago I filed a Notice of False profile with LinkedIn (operator of a professional networking site with 259 million members) because a fake member account had been set up involving one of my financial clients.  The perpetrator’s profile indicated that “she” was a company branch manager, and she was sending out LinkedIn invites to her “co-workers” at the financial institution.  The profile should have screamed “a fake” to experienced users of the site.  Some tell-tale signs were that the profile was bare bones, with only my client listed as an employer (along with the presence of the company logo), and the image of the individual on the page looked like a robot.   I received a quick response back from LinkedIn saying they HAD begun processing the complaint, but that it may take some time to process.  Last week the news was full of articles stating that LinkedIn had sued hackers over the creation of thousands of fake accounts.  The hackers’ objective was to tap into legitimate member profiles (which they did at apparently a rate of hundreds of thousands of profiles each day) where they could glean a plethora of personal information.  At this point the identity of the hackers is unknown, and subpoenas are being served on Amazon Web Services, the cloud platform used to create the fake accounts, in an attempt to unmask them. 

The scheme was explained in an article published by Bloomberg on January 7th which stated “hackers using automated software created thousands of fake member accounts and copied data from actual member profile pages.”  The article goes on to say “the practice, known as data “scraping,” violates LinkedIn’s user agreements and federal and state computer fraud laws, the company said in a complaint filed yesterday against the unknown hackers in federal court in San Francisco. It has also strained and disrupted the company’s network computers and threatens to degrade the value of LinkedIn Recruiter, a fee-based service used by Fortune 100 companies that’s one of the company’s fastest-growing offerings, according to the complaint”.

Read More

Topics: Brand Protection, hackers, brand abuse, brandjacking

3 Steps to Effectively Handle Customer Complaints

Posted by Natasha Vadori

Fri, Nov 29, 2013

Your company is horrible!

Read More

Topics: brand abuse, Social Media Monitoring, negative reviews

Subscribe to our weekly CyberThreat Digest

Each week, our Cyber Threat Analyst team prepares a digest of the latest cyber threat news and alerts. Subscribe today and begin receiving it on Monday.

 Get the Weekly CyberDigest

 

Subscribe to receive a weekly summary of our latest posts

Posts by Topic

see all