Threats your brand needs to prevent during the shopping season

With peak shopping season in full swing, brands are hard at work driving traffic to their websites from bargain-hunting consumers and early Christmas shoppers – the end of the year represents a substantial financial boom for retailers across the globe. At the same time, it’s also a massive opportunity for cybercriminals to strike.

The digital ecosystem is rife with various types of fraud, from capitalizing on vulnerabilities in website plugins to manipulating providers into performing changes, which can have a huge financial impact on the bottom line. In this article we’ve collated a few common threats that take place within the DNS system, and how you as a brand can protect your consumers and revenue streams.

1. We’ve all seen them, copy-cat websites!

October to December is also peak time when it comes to new domain name registrations, especially using well-known brand names with the intention of deceiving consumers. One very common way of using these domains is fake web shops. Products bought through these websites by consumers are rarely delivered, or if they are, the customer is provided with a sub-par replica or has their sensitive information stolen.

Needless to say, this affects a brand negatively. Not only is revenue lost, but the brand’s reputation can be damaged or even diluted should too many cheap replicas flourish in the streets.

Protecting yourself from this type of malicious activity is not as easy as one might think and usually requires knowledge about both the DNS system and a well-maintained trademark portfolio.

Every brand today, especially B2C brands, should have monitoring in place to be alerted about problematic registrations as soon as they happen. The aspiration should be to take action (if appropriate) before it’s reported through your customer support channels and/or partners and distributors.

Luckily the routes for enforcement are clear as soon as the building blocks are in place.

2. Phishing

Spear-phishing, whaling, vishing, smishing – these words only aim to illustrate that there are many ways to deceive consumers. Central to all the above terms is that attackers create fraudulent messages to trick consumers into revealing sensitive information or to gain access to systems and software. Most of the time it’s painfully obvious, but other times it’s a sophisticated, multi-channel phishing attack that ends up tricking even the most advanced tech entities. Many examples of phishing attacks are a simple Google search away!

The peak shopping season creates an enormous amount of email traffic, which makes it easier for cyber-criminals to sneak past the radar.

But let’s talk about what can be done in the DNS system. Email is a very common channel for phishing attacks, but brands can implement existing security protocols like SPF, DKIM, and DMARC to safeguard their domains. Having these correctly configured not only prevents spoofing but can also increase mail deliverability from a business’s domains.
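As an added example (not part of the original article), the sketch below audits SPF and DMARC TXT values for the weak settings that most often leave a domain spoofable. The domain `acmeshop.example`, the function names and the sample records are constructed for illustration; DKIM is left out because checking it requires knowing the selector names your mail sources use.

```python
import re

LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")  # RFC 7208, 4.6.4

def audit_spf(txt_records):
    """Findings for the TXT records (list of strings) at the domain apex."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    findings = []
    if len(spf) > 1:
        findings.append("more than one SPF record (receivers return permerror)")
    raw = spf[0].lower().split()[1:]
    terms = [t.lstrip("+-~?") for t in raw]
    quals = [t[0] for t in raw if t.lstrip("+-~?") == "all"]
    if not quals and not any(t.startswith("redirect=") for t in terms):
        findings.append("no 'all' or redirect: unlisted senders get neutral")
    elif quals and quals[0] not in "-~":
        findings.append("'all' is not -all or ~all: unlisted senders are not failed")
    lookups = sum(re.split(r"[:=/]", t)[0] in LOOKUP_TERMS for t in terms)
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms (limit is 10)")
    return findings

def audit_dmarc(record):
    """Findings for the TXT value at _dmarc.<domain>; pass None if absent."""
    if not record:
        return ["no DMARC record published"]
    pairs = (p.partition("=") for p in record.split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in pairs if v}
    if tags.get("v") != "DMARC1":
        return ["missing v=DMARC1 version tag"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: spoofed mail is still delivered")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append("pct below 100: policy covers only part of the mail")
    if "rua" not in tags:
        findings.append("no rua address: no aggregate reports on who sends as you")
    return findings

# Constructed records for the placeholder domain acmeshop.example
WEAK = (["v=spf1 include:_spf.mail.example +all"], "v=DMARC1; p=none")
GOOD = (["v=spf1 include:_spf.mail.example -all"],
        "v=DMARC1; p=reject; rua=mailto:dmarc@acmeshop.example")

if __name__ == "__main__":
    for name, (txt, dmarc) in (("weak", WEAK), ("good", GOOD)):
        print(name, audit_spf(txt) + audit_dmarc(dmarc))
```

In practice the inputs come from a TXT lookup on the domain itself (SPF) and on `_dmarc.<domain>` (DMARC).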

However, you can’t control what doesn’t take place on your domains. Once again, monitoring can give you a heads-up when a domain that looks confusingly similar to your own is registered – and then email enabled.
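The monitoring described here and in section 1 can be sketched as follows; this is an added example, not part of the original article. It triages a feed of newly registered domains against a brand label and raises priority when the domain already has an MX record. The brand `acmeshop`, the feed entries (on reserved TLDs) and the small look-alike map are constructed assumptions.

```python
# Assumed, deliberately small map of look-alike substitutions.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Lower-case, drop hyphens, fold common look-alike characters."""
    s = label.lower().replace("-", "")
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    return s

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_reason(domain, brand, owned):
    """Why a newly registered domain needs review, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if domain in owned:
        return None
    skel, target = skeleton(domain.split(".")[0]), skeleton(brand)
    if skel == target:
        return "label matches brand after folding look-alikes"
    if target in skel:
        return "brand embedded in longer label"
    if edit_distance(skel, target) <= 2:
        return "near-miss spelling"
    return None

def triage(feed, brand, owned):
    """Return (domain, reason, priority) rows; mail-enabled hits come first."""
    hits = []
    for domain, has_mx in feed:
        reason = review_reason(domain, brand, owned)
        if reason:
            hits.append((domain, reason, "high" if has_mx else "normal"))
    return sorted(hits, key=lambda h: h[2] != "high")

# Constructed sample feed: (newly registered domain, MX record present?)
FEED = [("acmeshop.example", True), ("acmesh0p.example", True),
        ("acme-shop-outlet.test", False), ("acmeshpo.test", False),
        ("gardentools.example", True)]

if __name__ == "__main__":
    for row in triage(FEED, "acmeshop", {"acmeshop.example"}):
        print(row)
```

A fixed edit-distance threshold produces false positives on short brand names, so hits are candidates for human review rather than automatic enforcement.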

3. Social engineering of a Domain Name Provider

Something many brands don’t consider is the vulnerability of their providers. Providers are at risk of receiving phishing emails or being socially engineered into providing sensitive information or performing an action that might be catastrophic for the business. Ensuring you’ve selected a Corporate Domain Provider is key to avoiding this; the same goes for any provider in your supply chain, really.

4. Delivery Scams

As many consumers order online from multiple brands and vendors within a brief period of time, they are expecting many order confirmations or delivery notices through various channels, which is of course an opportunity for cybercriminals who can capitalize on the temporary information overflow.

Sending delivery notices, delivery payment requests, etc. is a great way to get people to click on links and/or submit sensitive information.

This is not a DNS issue at first glance, as it is most often a form of text message phishing (smishing). However, email phishing is very common for this as well.
Delivery Services are exceptionally vulnerable to this type of activity, and they are some of the most spoofed companies across the globe – a firm grasp of both monitoring and DNS configuration can aid in mitigating the issue.

To summarize: brand owners need to consider where they are vulnerable today and mitigate risk across their own digital presence, all the way down to provider level. Here is our advice:

  • Implement Domain Name Monitoring.
  • Correctly configure SPF, DKIM, and DMARC for your domains and sources.
  • Increase staff awareness around cyber threats such as phishing.
  • Review your providers.
  • Ensure your Domain & Trademark portfolios complement each other and provide the protection you require.