It’s an unfortunate side effect of the digital world that by searching through the junk mailbox or inbox of any current e-mail account, we would inevitably see evidence of attempts at online fraud. Cases of phishing, the fraudulent practice where e-mails are sent purporting to be from reputable companies to glean personal information from the recipient, have actually risen by 400 per cent in the last couple of years. In the UK alone, such attacks increased by 21 per cent in 2015, costing consumers an estimated £174.4 million.
Phishing is by no means a new scam – the method has been in use for more than 15 years – and fraudsters are changing tactics, looking at new ways to catch out consumers. Targeted fraud that hijacks trusted brands and unsuspecting consumers has been a long-time challenge for companies such as banks or other financial services organisations. However, fraudsters are now focusing their efforts on a range of other sectors. These include industries such as software as a service vendors or companies with cloud-based offerings, telecommunications, retail and internet brands, and many are falling prey to these evolving methods.
The latest Office for National Statistics figures suggest that one in ten of us fall victim to online scams, virus attacks and thefts of bank details every year. The sums stolen are truly spectacular, an eye-opening £193 billion a year – that’s 50 per cent more than the annual budget for the entire NHS. The online fraud landscape today has become a tangled web of potential threats and, as well as phishing, business e-mail spoofing scams and malware are also on the rise.
The threats have become more complex to navigate and the risks harder to mitigate with attackers making use of the deep web. The indexed sites on the internet, or surface web, only account for 4 per cent of the data that can be found online. The rest is comprised of the deep web, unindexed content such as webmail pages, company intranets, user databases and pages behind paywalls. The deep web also includes the dark web, which is a series of sites that are visible, but with hidden IP addresses enabling criminals and legitimate users alike to enjoy complete anonymity.
Given the rapidly changing nature of cyber crime, protecting and proactively defending an organisation has never been more important. The first crucial step for businesses is to be fully prepared and adopt a “when” rather than an “if” approach, with the aim of preventing the attacks in advance. Organisations can set up early-warning systems alerting them of new domain registrations, which may misleadingly read like their brand name and may target the brand to host malicious content, before it impacts their customers.
Fraudulent activity can also be detected by using the right intelligence, and proactively monitoring and analysing key intelligence sources to detect phishing and malware activity across e-mail and other digital channels. Businesses need to shut down or restrict access to phishing sites and can partner with an anti-fraud vendor to share their phishing alerts with internet service providers, browsers, e-mail providers and security vendors, helping them block malicious sites at the internet gateway.
Measuring and mitigating cyber crime has to involve understanding the level of activity in these hidden areas of the internet. There are solutions on the market that use leading-edge technology to detect, analyse, mitigate and also provide near real-time alerts for a more comprehensive approach to anti-fraud. Conventional threat analysis requires security experts to search multiple platforms and manually identify threats. MarkMonitor® solutions use automated processes to monitor and identify threats, and deliver insight into specific threat activity. Leveraging smart robot technology, the solution mimics human behaviour to interact with cyber criminals and infiltrate their networks.
The risk of cyber attacks is real. From a consumer perspective, there are many instances of individuals being targeted and potentially becoming a victim of online fraud. For businesses, proprietary corporate information, trade secrets and employee access credentials are all at risk. Businesses need to be aware of every potential threat to their IP and leverage the technology to monitor, detect and protect their organisation, and unsuspecting consumers, in the deepest, darkest layers of the internet.
For more information please visit:
www.techweekeurope.co.uk/security/cyberwar/uk-phishing-attacks-rise-2015
www.information-age.com/technology/security/123461668/just-tip-iceberg-why-you-should-be-monitoring-deep-web
www.pcadvisor.co.uk/how-to/internet/what-is-dark-web-how-access-dark-web-deep-joc-beautfiulpeople-3593569/
© 2016 MarkMonitor Inc. All rights reserved. MarkMonitor® is a registered trademark of MarkMonitor Inc., part of the Intellectual Property & Science business of Thomson Reuters. All other trademarks included herein are the property of their respective owners.