Home > Blogs > Robert Siciliano > Identity Theft Expert Speaker
bookmark_borderbookmark

Business Identity Theft; Big Brands, Big Problems

By
Services for Real Estate Pros with IDTheftSecurity.com Inc

Cyber criminals go after brand names like vultures, infiltrating company websites, hijacking mobile applications and tainting online ads, among other tricks.

identity theftSome corporate websites aren’t as secure as business leaders think they are—and cyber thieves know this. They use the “watering hole” technique to infiltrate the system. Ever see an animal TV show in which the lions wait in the brush, camouflaged, for their unsuspecting prey to approach the lone body of water? You know the rest.

Think of the company’s website as the watering hole. The company typically uses “landing pages” to entice people to their main site, but leave the landing pages up after they’ve served their purpose. Here’s where trouble starts, fewer resources are devoted to monitoring or updating these pages, allowing hackers to pounce on the vulnerabilities and insert malicious code, luring visitors to malicious sites using the trusted reputation of the brand..

Ultimately, the brand name becomes associated with this. Some examples as reported by Forbes.com:

  • The nbc.com home page was infected with the Citadel/Zeus installation malware.
  • The U.S. Veterans of Foreign Wars’ website was infected with malware.
  • Third-party app stores are a source of downloaded malware, since these are usually un-policed. Apps can be repackaged with mal-code, creating an association of bad with the brand name of that app. The mal-code could gather personal data on the purchaser, which is then sold to data brokers, violating user privacy, making the user think pretty negatively about the brand name.
  • Malvertisements are malicious ads that crooks place on legit websites. These normal-appearing ads spread bad things around, and do NOT have to be clicked to trigger a viral attack.
  • Banner ads can also be the target of injected mal-code.
  • These clever crooks will even pose as an actual name-brand company and put up legitimate ads on a website, but then replace those with mal-ads over the weekend—which go undetected because IT departments are lax on the weekends. After oh, say, a few million computers and mobiles are infected, the thieves stick the original, legit ad back in, which makes their crime difficult to track.

Third-party networks place a lot of ads, making it very hard to hunt down malvertising fraud. This complexity can make it virtually impossible for companies to protect themselves against 100% of malicious attacks.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Comments (9)
Subscribe to CommentsComment

Submit
Show All Comments
Patricia Kennedy
RLAH Real Estate - Washington, DC
Home in the Capital

Robert, yikes!  This stuff is so annoying.  The bad guys just keep it going, and I'm wondering if they couldn't make as much money using their enormouse creative talents to make an honest living. 

Aug 01, 2014 11:02 PM
Richie Alan Naggar
people first...then business Ran Right Realty - Riverside, CA
agent & author

Bringing a little Twilight Zone into it...what if it is the anti-spam software people are creating the problems and THEN the solutions? Just a thought...don't obsess

Aug 01, 2014 11:33 PM
Nina Hollander, Broker
Coldwell Banker Realty - Charlotte, NC
Your Greater Charlotte Realtor

This is really scary stuff, Robert. It's like there's no where to hide and you have to spend your life looking over your shoulder.

Aug 01, 2014 11:51 PM
Than Maynard
Coldwell Banker Heart of Oklahoma - Purcell, OK
Broker - Licensed to List & Sell - 405-990-8862

It seems that malware is everywhere and the bigger the site/company the easier it is to infect.

Or, why bother with the little guy, since they don't have enough traffic to matter.

Aug 02, 2014 12:12 AM
Kathy Streib
Room Service Home Staging - Delray Beach, FL
Home Stager - Palm Beach County,FL -561-914-6224

Robert- it's frustrating and scary at the same time.  Sites that you think would be safe, may not be.  

Aug 02, 2014 03:46 AM
Paula McDonald, Ph.D.
Beam & Branch Realty - Granbury, TX
Granbury, TX 936-203-0279

I have been receiving the ones from the fake Toll Road collection agency!  Argh!

Aug 02, 2014 03:51 AM
Suzanne McLaughlin
Sabinske & Associates, Inc. (Albertville, St. Michael) - Saint Michael, MN
Sabinske & Associates, Realtor

I like my security system.  But, I rarely buy anything on line.  And, I pay cash for most other purchases, especially at Target and Walmart!

Aug 02, 2014 04:46 AM
Joan Whitebook
BHG The Masiello Group - Nashua, NH
Consumer Focused Real Estate Services

Robert -- this is so scary.  I missed the Target mess by one day.  It didn't dawn on me that if my atm card was comprised, my bank account could be wiped out. At least with a credit card there is a $50 limit.  Back to cash or credit cards for me.

Aug 02, 2014 06:38 AM
Bill Reddington
Re/max By The Sea - Destin, FL
Destin Florida Real Estate

Realtor.com and fellow companies got hit a few weeks ago. Just don't click on links where you don't know the sender. Supposed Google has been sending me receipts for something I purchased.  Spam for sure. You just never know.

Aug 02, 2014 02:46 PM
Back to Top

What's the reason you're reporting this blog entry?

Are you sure you want to report this blog entry as spam?