Summer Brandjacking Index TM


Summer 2008 Brandjacking Index TM

Brandjacking Index TM Summer 2008

Contents

Executive Summary
Pharmaceutical Brand Abuse
Brand Summary Findings
Phishing Trends
Conclusions
Methodology & Background
Glossary

Executive Summary

In this edition of the Brandjacking Index, we turn to the online pharmaceuticals marketplace as we did last summer. We found numerous examples of con artists who hijack well-known brands for their own profit and continue to thrive by selling illicit drugs, endangering consumers' health and well-being. MarkMonitor created the Brandjacking Index to measure how pervasive online brand attacks are and to identify the potential threats to the world's strongest brands. As in our previous reports, this edition of the Brandjacking Index tracked millions of emails and billions of web pages, including listings on online auctions and B2B exchanges. In addition to pharmaceutical abuses, we found continuing increases in cybersquatting against a wide variety of leading brands, as well as increasing concentration, sophistication and focus by phishers on a growing number of brands.

Pharmaceutical Brand Abuse

Buying drugs online continues to be fraught with fraudsters and, sadly, is even more popular than it was a year ago when we last looked at this industry. There is more traffic to online pharmacy sites that are doing more business, and a 36% growth in the availability of drugs in the online supply chain. Moreover, online pharmacy sites are getting more sophisticated at attracting their audience by investing in search advertising words to drive more traffic to their storefronts. Overall, 60% of the presumed fraudulent online pharmacies and B2B exchange sites we identified in 2007 are still operating. This is an industry that isn't just going away, but is getting better at conducting its illicit activities and preying on the public.

Here is an example of one online pharmacy that is labeled as Canadian but hosted in the Russian Federation, according to its IP address. Last year, it listed a Los Angeles area code, but this year the company shows a Texas phone number. We made a purchase from this website and our credit card statement reflects an Israeli merchant account; as of our publication date, the drugs have not been delivered. No matter where its real location is, it continues to display faked credentials, and when you telephone them, a heavily-accented Russian voice invites you to leave a message.

[Figure: Example of a Canadian online pharmacy that is hosted in the Russian Federation.]

The total number of online pharmacies surveyed dropped slightly from 3,160 last year to 2,986 this year. Only two of the pharmacies that we identified were VIPPS-certified.* As in the past, close to two-thirds of the pharmacies didn't use any encryption to protect customer data, adding the risk of identity theft to the shopping experience. Most notably, the number of daily visitors to these sites nearly tripled, thus exposing many more consumers to potential harm. This dramatic increase in traffic drives a sizable increase in revenue, which we estimate at $12 billion. To make that calculation, we used industry statistics for purchase rates of .05% of the traffic and average order size of $70.

[Figure: Online pharmacy abuse trends based on six drug brands.]

The old adage "if something is too good to be true, it probably is" works in spades when it comes to online pharmacies. Our findings show price discounts of 85% from established and certified pharmacies, which is even more of a bargain than we found last year. These aggressive discounts are a strong indicator that the drugs being sold by non-certified pharmacies are suspect. We chose one drug brand and examined similar quantities and dosages across two groups of pharmacies. When examining pricing at 30 randomly selected, non-certified pharmacies, we found prices ranging from $1.07 to $3.61, with an average price of $2.54. In contrast, prices for the same brand, quantity and dosage at four VIPPS-certified pharmacies revealed an average price of $ This wide discrepancy indicates that the drugs sold at these non-certified pharmacies are fake, stolen, alternates, expired, diluted or gray market versions and should be avoided by consumers.

There is a ray of good news. We found that there are significant price variations on the sales of drugs from legitimate VIPPS-certified online pharmacies, too. Consumers can find deals if they shop around online at VIPPS-certified pharmacies and be assured of buying with confidence.

* What does certification really mean? A check of shows just 15 online pharmacies that have been certified to sell medicines by the U.S. National Association of Boards of Pharmacy. The site also lists hundreds of other websites that are not recommended and probably fraudulent, such as BestPillBuy.com. The Association has a long process to ensure that a site is legit, including on-site inspection of all facilities used by the site to dispense medicine and all policies, practices and procedures used. We strongly urge consumers to check this listing before they purchase any medications online.

Almost half the pharmacies that we identified in the study were hosted in the U.S., decreasing from almost 60% in The United Kingdom exhibited a small decline in the number of online pharmacies hosted, at 12% vs. 14% in Germany and the Netherlands displayed the greatest increases, hosting 9% and 7% of the total, respectively.

We also examined the role of B2B exchanges in the online pharmaceutical market, as we did in last year's study. The number of exchange listings for bulk quantities of the six drugs studied increased to 530 from 390 in 2007, while the number of sellers decreased to 185 from 238 in This could indicate an increasing specialization or consolidation in this market segment. The decreased volume of pills on offer indicates that an increasing number of small manufacturers may be using the B2B exchanges to promote their businesses.

[Figure: Online supply chain has more active sellers offering smaller volumes.]

Interestingly, we found that far fewer exchange listings indicated a country of origin for pharmaceuticals. While 44% of the listings in 2007 listed a country of origin, only 19% did so in We surmise that the wave of negative publicity around foreign pharmaceuticals in the past year has prompted many of these manufacturers to cloak their national origins.

Here is one example of an exchange listing, selling loose pills at a 93% discount over their retail price, from a site that is hosted in India but with Russian contact information. The significant discount indicates that the site is selling fake, diluted, alternative, stolen, gray market or expired medicines.

Some of the manufacturers on the exchanges are also selling bulk quantities of the active ingredients for drugs, including patent-protected drugs. These huge quantities could supply thousands of doses. This practice is not just questionable, but points to violations of patents and intellectual property statutes as well.

[Figure: Bulk quantities of active pharmaceutical ingredients are available online, including patent-protected drugs.]

Perhaps the most disturbing trend is the use of search engine advertising to draw in more unsuspecting marks to these misleading sites. Using industry figures for cost per click (CPC), impressions volume and click through rates (CTR), we estimated advertisers are spending $26 million annually on the six drug brands that we studied. We identified 11,836 search ads; none of the ads that we analyzed were from legitimate brandholders. More than two-thirds of the ads showed trademark abuses. All of these ads led visitors to misleading sites that were selling these drugs. None of the sites were VIPPS-certified.

Here is one example of a landing page for one of these paid search ads:

[Figure: landing page for a paid search ad.]

This appears to be a professional-looking site, with a list of faked accreditation and safe shopping links. However, it is selling non-existing generic equivalents to patent-protected drugs. Consumers who purchase drugs from this site could be risking their health and well-being.

As the table below shows, pharmaceutical cybersquatting continues to see rapid growth and mirrors the overall brandjacking trend. Phony ecommerce sites are also growing rapidly, showing that the potential is large to continue to make money in this sector.

[Table: Analysis of six top drug brands in June 2008, by threat type.]

Brand Summary Findings

Overall, cybersquatting continues to dominate the methods used by online con artists, with a slight growth from the first quarter of 2008, and up about a third from this time last year.

[Figure: Annual brandjacking activity measured in June Threat types are not exclusive of other threats. Data is based on weekly samples averaged over one quarter.]

** In this edition, we have discontinued reporting domain tasting and domain kiting trends as a result of the notable drop-off of such activity arising from increased ICANN scrutiny, registry action and brandholder-related litigation.

Some slight changes in the overall country of origin rankings of the top 15 brandjackers' domains were noted, as shown in the table below, with the vast majority of them continuing to be hosted in the U.S.

[Table: Domain count by hosting country, , including new domains but not including any inactive domains.]

[Figure: Geographic brandjacking trends for Q]

The most targeted industries of automotive and media continue to attract the lion's share of abuse, which is growing. The luxury goods, apparel and automotive sectors experienced the fastest rising rate of abuse.

[Figure: Brandjacking trends by industry,]

Phishing Trends

In the past quarter, we observe that phishers have widened their targets, zeroing in on many companies for the first time. The overall number of unique URLs phished continues its decline, showing that phishers' techniques continue to evolve.

[Figure: Number of organizations phished increases in Q]

A total of 485 organizations were phished in the second quarter of 2008, which is about a 20% increase compared to the previous quarter as well as to the same period in Phishers were active in targeting fresh prey in Q2. With 169 organizations being first-time targets this quarter, we see a big jump from previous quarters.

[Figure: Number of organizations phished for the first time, by quarter.]

As with our previous studies, we noted that a small number of companies account for the majority of phish activity. In Q2, 20 companies, or 4% of all companies phished, account for 89% of all phish URLs. Our analysis shows that banks are the most popular category of business for phishers to target, but more than half of the phishing URLs are auction houses and payment services.

When examining phishing trends by industry rather than URL, we see that phishers continually change their focus. In Q2, the data shows a sharp increase in financial services targets and a sharp decrease in auction houses.

[Figure: Phishers continue to change their industry focus.]

In fact, we took that analysis a step further and examined how phishers have alternated their focus on auction houses and financial companies during the last four quarters.

[Figure: Auction and financial phishing trends.]

As before, the U.S. continues to host the majority of phishing sites, with similar distribution of other top countries from last quarter.

[Figure: Hosting countries of phish attacks.]

Finally, in a demonstration of how phishers' techniques change over time, we note that the sheer number of phish URLs continues to decline.

[Figure: Number of phishing URLs.]

Conclusions

Brand abuse is increasing, but more important than the sheer volume is that the level of sophistication is increasing too. Cybersquatting continues to be the top tool of choice for brandjackers, and the number of first-time phishing targets is on the rise. Online drug brands continue to see some very aggressive marketing from fraudsters who have established businesses with a growing supply chain and sophisticated paid search eco-system. As we said last year, as long as consumers are motivated to shop for cheap drugs, unscrupulous online pharmacies will continue to proliferate and take their money.

Methodology and Background

The Brandjacking Index is produced quarterly by MarkMonitor and explores numerical trends and statistics about brand abuse. It contains anecdotal information about the business and technical methods used by brandjackers, along with analysis and discussion of the business and social implications of brand abuse. The cornerstone of the Brandjacking Index is the volume of public data analyzed by MarkMonitor using the company's proprietary algorithms. MarkMonitor searches approximately 134 million public records and 60 million suspected phishing solicitations for brand abuse. These records come from various public domain data sources, along with Internet feeds from leading international Internet Service Providers (ISPs), providers and other alliance partners. None of this data contains proprietary customer information.

This report is based on the following information and analysis:

- Tracking 30 of the most popular brands as ranked by Interbrand
- Weekly sampling of more than 430,000 potential brand abuse incidents conducted throughout Q for the overall brand analysis
- Nine vertical segments (Automotive, Apparel, Media, Consumer Packaged Goods, Consumer Electronics, Luxury, Food & Beverage, High Tech and Financial) for the overall brand analysis
- Six leading drug brands surveyed, from nearly 3,000 pharmacies, 20,000 domains abusing drug trademarks and more than 11,000 search ads
- Insights based on an average of weekly samples of incidents
- Suspect emails reported from more than 650 million inboxes hosted by the largest ISPs resulted in 60 million suspicious emails being studied for the phishing analysis.

Glossary

Brandjacking: To hijack a brand to deceive or divert attention; often used in abusive or fraudulent activities devised for gain at the expense of the goodwill, brand equity and customer trust of actual brand owners.

Cybersquatting: The registration of domain names containing a brand, slogan or trademark to which the registrant has no right.

Domain Kiting: The process whereby domains are registered and dropped within the five-day ICANN grace period, and then registered again for another five days. Kiting a domain lets the registrant gain the benefit of ownership without ever paying for the domain.

ecommerce Content: Websites containing a specified brand that appears in visible text, hidden text, meta tags or title in conjunction with other site content that indicates online sales are being transacted on the site.

Offensive Content: Websites containing a specified brand that appears in visible text, hidden text, meta tags or title in conjunction with pornographic, online gaming or hate content.

PPC (Pay-Per-Click): Paid placement advertising appearing on web pages. Operators of websites hosting PPC advertising derive revenue from ads that are clicked, hence the name PPC.

Phishing: Criminal use of email to divert traffic to websites in order to fraudulently acquire usernames, passwords, credit card details and other personal information. The emails and websites used in these operations employ social engineering techniques to trick users into believing they are interacting with a business or organization that they trust.

Rock Phishing: A method of phishing first implemented by the rock phish gang that utilizes multiple layers of redundant infrastructure to increase the difficulty of shutting down the attack. Other phishers are now using these tactics as well.

Traffic Diversion: The use of brands, slogans or trademarks located in visible text, hidden text, meta tags and title in order to manipulate search engine rankings so that the brandjacker's site can gain a more favorable search engine placement.

Press Contacts:

Te Smith, MarkMonitor (831) (mobile) (415) (office) te.smith@markmonitor.com
Jonathan Jordan, A&R Edelman for MarkMonitor (240) (mobile) (202) (office) jjordan@ar-edelman.com

About MarkMonitor

MarkMonitor, the global leader in enterprise brand protection, offers comprehensive solutions and services that safeguard brands, reputation and revenue from online risks. With end-to-end solutions that address the growing threats of online fraud, brand abuse and unauthorized channels, MarkMonitor enables a secure Internet for businesses and their customers. The company's exclusive access to data combined with its patented real-time prevention, detection and response capabilities provide wide-ranging protection to the ever-changing online risks faced by brands today. For more information, please visit

Boise San Francisco Washington D.C. New York London Toronto Frankfurt

Copyright 2008, MarkMonitor Inc. All Rights Reserved. MarkMonitor is a registered trademark of MarkMonitor Inc. and Brandjacking Index is a trademark of MarkMonitor, Inc. All other trademarks included herein are the property of their respective owners.