SAN FRANCISCO -- Financial institutions, including credit unions, are top targets of Internet kiting, in fact more than double that of any other business segment.
That's the word from MarkMonitor's first Brandjacking Index, a report measuring the effect of online threats to brands.
Kiting takes advantage of a five-day grace period for registering the marketability of Internet domains.
"Abusers use this technique to test traffic-diversion sites," says Frederick Felman, MarkMonitor chief marketing officer.
The Brandjacking Index is based on weekly samples of data over a one-month period. The four-week average of financial kiting revealed more than 980 kited sites targeting financial brands.
Felman explains that when the five-day grace period expires, the kiters shut down the site. That means they pay no fee to register the domain. Then, on day six, they revive the site by re-registering.
The bad guys want to use the brand power of a business, such as a credit union, to lure people to their site. Let's say someone types in Well Known Credit Union in a search window. The search results list Well Known Credit Union Free Checking. The searcher clicks on that link, and instead of going to the actual Well Known Credit Union site, goes to another site perhaps featuring products competing with Well Known.
"In extreme cases fraud or other problems occur on the site," Felman says. "It has a significant impact because kiters are hard to track down and stop. Financial institutions are attractive targets because people who have money in a bank or credit union have money to spend on-line."
Phishing attacks are also up, jumping 104 percent in the first quarter of 2007 compared to the first quarter 2006. MarkMonitor attributes this rise to advances in phishing technology designed to counter phish-blocking browsers and other consumer protection.
He notes crooks have been successful in compromising even sites with passkey or site-key protection using a symbol and label a member has selected to confirm the site is authentic.
"One of the big findings of the brandjacking study is that criminals are incredibly adaptive," Felman. "They're savvy in their understanding of new marketing methodologies. They use security measures that companies adapt to trick people into trusting them.
"This rise in attacks on financial institutions is not surprising. The yield for online banking credentials is incredibly high for phishers. They are taking advantage of the large number of mergers and acquisitions as well as the ongoing shift from brick-and-mortar to online banking. Consumers are confused and the phishers are capitalizing on it."
"Make sure you are tracking and have a plan to respond to phishing and other threats. Have a strategy for registering domain names that are close to yours. Having a plan is half the battle."