'Brandjacking' on the Web

(page 3 of 3)

Since the five-day trial period for a Web site registration is free, there's no real overhead cost. At least 1 million hijacked sites are reregistered every day, used to create "pay-per-click" sites that can yield as little as $25 per year. But take that million sites and pretty soon you're looking at a business model that could potentially generate $125 million per year. "We think kiting and domain 'tasting' represent more than 90% of the new Internet domain registrations on a daily basis," he says. "We're talking about people who exist out on the fringe of the legitimate business world," Felman says. "But they're people making real money off of exploiting these brands, probably enough to pay the rent and get a nice car."

Not Just a Problem for Consumers

And then there's e-mail phishing. This is the practice of using e-mail to entice unsuspecting consumers to click through a link to a Web site that may look as if it's operated by their bank or another financial institution. Typically, a phishing e-mail informs the consumer that his bank needs him to "change your password right away." Thinking the message is legitimate, consumers click through, type in their account information and password, and soon learn the hard way that the message they received didn't really come from their bank at all.

While it's a big problem for consumers, it can also be a major problem for the banks or brokerage firms whose brands are used to carry out the crime. Phishing e-mails accounted for 16 million e-mails sent per day during MarkMonitor's sample period, up 104% in the first quarter of 2007, vs. the same period in 2006. Felman says 229 companies were the targets of phishing, and more than half of those were targeted for the first time. Banks, credit unions, PayPal (eBay's payment service), and even the Internal Revenue Service have seen their names used in phishing campaigns.

Capitalizing on Consumer Confusion

Phishing is clearly on the rise. A study by the Anti-Phishing Working Group found that the number of unique Web sites devoted to phishing jumped to just more than 16,000 by February, 2007, from 10,091 in August, 2006. "The problem is definitely not getting better," says Dan Hubbard, vice-president of security research at Websense (WBSN), which shares its phishing data with the anti-phishing group.

Another reason for the surge in phishing comes from simple consumer confusion. "We believe a lot of it is due to the confusion people have over the introduction of new security methods that banks introduce," he says. "Plus, there's been a lot of mergers and acquisitions of different banks. The customer is dealing with a new entity and that creates some confusion that phishers can use to their advantage."

Keeping a close watch on your brand is something every company with online operations has to do, says Del Ross, head of brand distribution and marketing for InterContinental, the hotel chain. "It's cheaper to spend the money to protect your brands than not to protect them," says Ross. "Just about everyone with a brand to protect has or will have this problem, and it's going to get worse."

Hesseldahl is a reporter for BusinessWeek.com.