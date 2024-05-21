Cybersecurity

Website Impersonation Scams Surge, Solutions Fall Short: Study


Website impersonation scams have become a growing problem, although many businesses aren’t happy with the tools they have to address them.

A study released Tuesday by digital risk protection solutions company Memcyco found that nearly three-quarters of businesses have deployed a digital impersonation protection solution to avert online scams, but only 6% of those organizations are satisfied that it protects them and their customers. “That’s really shocking,” Memcyco CMO Eran Tsur told TechNewsWorld.

According to the study, more than two-thirds of businesses (68%) know their websites are being impersonated, and almost half (44%) know this directly impacts their customers. The study is based on a survey of 200 full-time director-to-C-level employees in the security, fraud, digital, and web industries in the United States and the United Kingdom.

“A spoofed website can lead to significant financial losses for customers if they are tricked into providing login credentials or sensitive personal information,” said Matthew Corwin, managing director of Guidepost Solutions, a global security, compliance, and investigations firm.

“Brand reputation can be severely damaged if customers fall victim to scams perpetrated through an impersonated website, eroding trust in the company,” he told TechNewsWorld.

A website impersonation scam can harm more than a company’s reputation. “There can also be direct financial losses from fraud, as well as indirect costs related to remediation, legal fees, and possibly some customer compensation,” Ted Miracco, CEO of Approov Mobile Security, a global mobile application security company, told TechNewsWorld.

Leaning on Customer Reports for Detection

The study also found that two-thirds (66%) of the surveyed companies most commonly became aware of website impersonation attacks through incident reports from affected customers. “That’s unbelievable,” Tsur said. “Not only are the deployed solutions not protecting against or preventing these attacks, the organizations don’t have a clue whether these attacks have taken place or not.”

Guidepost Solutions’ Corwin noted that businesses that depend primarily on customer reports to detect impersonation scams might miss out on crucial early warnings and the opportunity to defend against emerging threats proactively. “A reactive approach puts the burden on customers, which can damage customer relationships and trust,” he said.

“Learning about scams from customers means the attack has already impacted individuals, causing harm before mitigation even begins,” added Approov’s Miracco. “Regular scans are the only alternative that might take down fake websites that mimic a brand, but this is challenging, as you have to anticipate events before they occur.”

“Working from customer reports is a reactive approach, not a proactive one,” he said. “I’m not sure an adequate defense exists yet, so users need to be educated and more careful before responding to emails that look legitimate.”

An even more worrying finding of the study is that over 37% of businesses said they first become aware of fake websites when customers affected by phishing-related scams publicize their experience on social media, a practice known as “brand shaming.”

The study questioned how much longer businesses can afford to rely on customers as their main source of threat intelligence with AI and phishing kits increasingly available off-the-shelf.

“With these kits, everything is fully automated,” Memcyco’s Tsur observed. “You can launch it and forget it.”

Cybersecurity’s Worst Nightmare

Corwin explained that the accessibility of AI-driven tools and pre-packaged phish kits means even less technically skilled individuals can execute convincing impersonation attacks. “AI-enhanced phishing tools can mimic legitimate websites more accurately, deceiving even the most vigilant users and amplifying the threat landscape,” he said.

“Often,” he continued, “cybercriminals will also leverage domain names that appear nearly the same as the legitimate address of a company or brand but contain slight variations or errors, known as ‘combosquatting’ or ‘typosquatting.’”

“AI is very dangerous,” added Miracco. “These tools are so easy to use, even for individuals with no technical skills, allowing virtually anyone to create sophisticated phishing campaigns. It’s our worst cybersecurity nightmare come true — hand-delivered by companies that talk about how wonderful AI will be. Sadly, the early adopters of most technologies are bad actors.”

Patrick Harr, CEO of SlashNext, a network security company in Pleasanton, Calif., noted that website impersonations have existed since the web was born.

“These were typically easy to spot by almost any user,” he said. “What has changed recently is two things — phishers are squatting on legitimate domains, and phishers are using phishing kits and AI to generate near-perfect website pages.”

“Without AI computer vision countermeasures, these are very difficult to discern and will make the threat actors more successful, not less,” he maintained.

Strategies To Combat Website Impersonation Scams

Roger Grimes, a defense evangelist for KnowBe4, a security awareness training provider in Clearwater, Fla., recommended that every company sending emails implement DMARC, SPF, and DKIM, which are global anti-phishing standards. “They attempt to defeat malicious emails and links claiming to be from the legitimate sending domain,” he told TechNewsWorld.

“For example,” he explained, “If I get an email claiming to be from Microsoft, the receiver’s email server/client can use DMARC, SPF, and DKIM to see if the email actually originated from Microsoft.”

Miracco recommended that company websites ensure all web traffic is encrypted with SSL/TLS certificates to make it harder for attackers to intercept and spoof communications.

He added that mobile applications should implement attestation mechanisms to verify their integrity and ensure that interactions with backend APIs only originate from legitimate, unaltered instances of the app. Companies should also hire threat intelligence services that can monitor for phishing kits, fake domains, and other indicators of impersonation.

To counter tactics like typosquatting, Corwin noted that companies can register obvious variations or likely misspellings of existing domains, including hyphenated names, other popular domain extensions, and characters slightly out of order.

“There are brand monitoring services that will monitor for phishing sites and new domains which contain company intellectual property, and some will even help with automated domain takedown services,” he said. “These may help some companies, but unfortunately, because there are so many potential variations of domain names and current tools make it so easy to create these phishing sites, the risk is likely to persist.”
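The variations Corwin lists can be enumerated mechanically for defensive registration and for matching against a feed of newly seen domains. The following is an added example, not code from the article or from any vendor it mentions; `examplebank.com`, the TLD list and the observed domains are constructed placeholders.

```python
# Added example: enumerate look-alikes of your own brand domain so they can be
# registered defensively or matched against newly observed domains.

POPULAR_TLDS = ["com", "net", "org", "co", "io"]  # assumed list; adjust per market

def hyphenated(label):
    """Insert one hyphen at each interior position ('example-bank', ...)."""
    return {label[:i] + "-" + label[i:] for i in range(1, len(label))
            if label[i - 1] != "-" and label[i] != "-"}

def transposed(label):
    """Swap each pair of adjacent characters (characters slightly out of order)."""
    out = set()
    for i in range(len(label) - 1):
        if label[i] != label[i + 1]:
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    return out

def variants(domain):
    """All hyphenated/transposed labels across the popular TLDs, minus the original.

    Assumes the brand label is everything before the first dot.
    """
    domain = domain.lower().rstrip(".")
    label, _, tld = domain.partition(".")
    labels = {label} | hyphenated(label) | transposed(label)
    tlds = set(POPULAR_TLDS) | {tld}
    result = {f"{l}.{t}" for l in labels for t in tlds
              if not l.startswith("-") and not l.endswith("-")}
    result.discard(domain)
    return result

def flag_new_domains(brand_domain, observed):
    """Return observed domains (e.g. from a new-registration feed) that match a variant."""
    watch = variants(brand_domain)
    normalized = (d.lower().rstrip(".") for d in observed)
    return sorted(d for d in normalized if d in watch)

if __name__ == "__main__":
    # Constructed feed of newly observed domains
    feed = ["exmaplebank.com", "unrelated.org", "Example-Bank.NET."]
    print(len(variants("examplebank.com")), "variants to register or watch")
    print(flag_new_domains("examplebank.com", feed))
```

Exact matching only covers the three variation types named above; as the quote notes, the space of possible look-alikes is far larger than any such list.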

Miracco added that companies should not only focus on technological defenses but also foster a culture of security awareness among employees and customers.

“Website impersonation scams are a rapidly evolving threat that requires a multi-faceted approach,” he said. “AI has enabled this problem, and hopefully, in the near future, we will be deploying AI-enabled solutions that can preempt users from making costly mistakes with a fake site.”

John P. Mello Jr.

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News.
