COVID-19 and the rise in online brand abuse

New research carried out by CSC Digital Brand Services, an online brand security company, has identified 325k domains that conduct malicious activities and enable brand abuse, 68% of which were related to COVID-19 treatment, testing and tracking. Chief technology officer Ihab Shraim tells us what this means for the healthcare sector. 

What exactly is brand abuse? 
Brand abuse is any use or misuse of a brand name by an unauthorised third party in a way that either causes damage to the brand and/or creates financial benefits for the infringer, also called "bad-actor". This can include misdirection of online web traffic, and falsely claiming an affiliation so as to add credibility to online goods,  including fake sites and e-commerce sites selling counterfeits. 

How widespread was this problem before the pandemic?
Before COVID-19, brand abuse was an unexpectedly common challenge for brands. It's been around in a number of different forms and online channels for at least the last 20 years. Brand abuse impacts all industries, has an extremely widespread ecosystem and a growing infringement economy to support itself. Previous studies have shown a counterfeit economy valuing at over $500 billion, with expectations to continue growing upwards. With an internet economy of around $4 trillion, abuse such as revenue leakage and grey market distribution continues to be an all-too common challenge for brands.

How has the pandemic impacted online brand abuse?
Once the pandemic began, many companies who weren’t previously online had to quickly shift their focus to developing new platforms to reach their consumers. As companies grew their online presence, their risk of online brand abuse increased due to their exposure to an intertwined ecosystem of brand and fraud abuse. Fraudulent campaigns, fake websites, and counterfeits goods all allow bad actors to steal and abuse brands. Similarly, the growth in people working from home and the increase of their use of online channels essentially provided an incubator to engage people in various forms of online fraud, generally unknowingly to those consumers.

The pandemic allowed for many of these campaigns to operate continuously. As events unfolded, for example, we initially saw an increase in fake testing and kits, followed by false cures, and eventually fraudulent government stimulus checks. Scams followed that associated with the use of video conferencing software, use of other COVID-related ‘hooks’ to engage people looking for information, reassurance or protective equipment, and abuse of names of trusted organisations to lend credibility to scams and spread of false information. 

What are the most common forms of brand abuse in the healthcare sector?
Scams associated with COVID-19, such as fake COVID test-kits, vaccinations and cures, as well as fake email campaigns, heatmap statistics and reports with linked hyperlinks to malware that harvest credentials. Also brand seeding and association, incorrectly branded oxygen tanks and breathing apparatus, and misuse of branded drug references. 

 What can organisations do to mitigate brand infringement?
An organisation needs to ensure it is implementing the following proven recommendations across multiple platforms:
⦁    Track and monitor their online brand presence
⦁    Subscribe to services that provide an early detection and analysis of critical threat vectors targeting the Domain Name Portfolio (ex. phishing, DNS hijacking, sub-domain-names, etc.)
⦁    Work with a global secured registrar to protect the online Domain Name Portfolio
⦁    Work with a global enforcement company that will mitigate these threat vectors

Can you share some highlights from your recent research into online brand abuse?
Over 325,000 COVID-related domains were registered across the monitoring period, and we identified over 600 individual online stores purporting to offer the sale of "cures". Of the set of active websites categorised as brand scams: 
⦁    36% were related to COVID treatments
⦁    32% pertained to tracking-and-testing
⦁    31% featured e-commerce content 
⦁    and 1% fraudulently made use of the name of a health organisation to lend credibility to the site