by Mike Essex on 12th April 2011
I’ve talked about two types of spam topics in the last month – Content Farms and Black Hat SEO, but neither of these problems can compete with the fallout caused by hackers and con artists online. Today then I tackle the big fish, and share my own experience in being hacked.
This post is inspired by a sequence of events that I’ve seen not only in my own life but across the Koozai team. Although we work in digital marketing every day it doesn’t mean we’re any safer and most of the team have been victim to scams and hackers. For instance, the following has happened in the last month alone:
• Several PCs have been hacked
• A personal Amazon account was hacked and several fake purchases made
• A personal Facebook account was hacked, and has not been taken down (despite multiple complaints)
• Fake software has been incorrectly purchased
• Multiple viruses and malware have been stopped
This is really just the tip of the iceberg, and you only have to ask around to find stories of scam artists at play. I guarantee you won’t have to ask many people until you find someone who has been a victim of some sort of hacking / scam attack, so just what can be changed to resolve this? The web has given us virus scanners, web security teams, online police deterrents, firewalls and passwords, yet people are still caught out every single day. It seems for the most part the hackers are winning, so does the responsibility fall to the brands themselves to protect us?
What Can Brands Do?
Barclays Case Study
Online banking has always had a long-winded login process (internet number / password / memorable info etc.) but Barclays take this to a whole new level with their Pin Sentry. To access a Barclays account online you need:
• The Pin Sentry device
• A Barclays card
• The customer’s online banking number
• The customer’s PIN
Whilst this sets up an obstacle for the customer, it’s hard to see any chain of events that could result in a scam artist obtaining all of that information. A stolen statement wouldn’t be enough, nor would a stolen / cloned card. It’s a closed system, which is a perfect storm of locked down procedures. The Pin Sentry device is equally critical and three failed PIN attempts will lock a card, making it a tough (if not impossible) system to breach.
As a customer it’s a time-consuming process, but it is very, very safe, and that’s worth the extra hassle. For proof that it’s working you only have to look to HSBC, who are also launching a similar service.
Links of London Case Study
Caroline Rolfe (Links of London) spoke at the Spring Symposium on the steps they take. One of the key strategies for Links of London is to play cybersquatters and typosquatters at their own game, by registering as many brand-name domain variations as they can. They do this by using the Google keyword tool to see which brand term searches people are making, and then registering these domains before the cybersquatters can get them.
It’s a good system, and one that is also well catered for by the UDRP process to resolve domain disputes. If you find someone is using your brand name, this process allows you to reclaim the domain and push out the con artists. It’s not an especially long-winded process, but it is far easier for a brand to purchase the domain name variations first rather than having to go down the UDRP route.
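As an added example (not part of the original post and not Links of London's own tooling), the sketch below audits a registration portfolio for typo gaps. It goes beyond the keyword-tool approach described above by generating common keyboard slips algorithmically; the brand domain, the portfolio and the partial adjacency map are constructed assumptions.

```python
# Added example: audit a defensive-registration portfolio for common typo gaps.
# The brand domain and portfolio used with it are constructed placeholders.

# Partial QWERTY adjacency map (assumption: illustrative, not exhaustive).
ADJACENT = {
    "a": "qsz", "e": "wrd", "i": "uok", "o": "ipl", "n": "bm",
    "m": "n", "r": "et", "s": "ad", "t": "ry", "l": "ko",
}


def typo_variants(label):
    """Return likely mistyped forms of one domain label (no TLD)."""
    out = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])                 # omitted character
        out.add(label[:i] + ch + label[i:])                # doubled character
        if i + 1 < len(label):                             # swapped neighbours
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for near in ADJACENT.get(ch, ""):                  # adjacent-key slip
            out.add(label[:i] + near + label[i + 1:])
    if "-" in label:
        out.add(label.replace("-", ""))                    # hyphen dropped
    out.discard(label)
    # Keep only labels that are syntactically valid as hostnames.
    return {v for v in out if v and not v.startswith("-") and not v.endswith("-")}


def coverage_gaps(brand_domain, owned, tlds=("com", "co.uk")):
    """List brand and typo domains missing from the owned portfolio, sorted."""
    label = brand_domain.split(".", 1)[0]
    labels = typo_variants(label) | {label}
    candidates = {f"{v}.{t}" for v in labels for t in tlds}
    return sorted(candidates - {d.lower() for d in owned})


if __name__ == "__main__":
    portfolio = ["example-brand.com", "examplebrand.com"]  # constructed
    for domain in coverage_gaps("example-brand.com", portfolio)[:10]:
        print("unregistered:", domain)
```

The output is a candidate list to check against registrar availability and search data before buying anything; most variants will never receive traffic.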
GHD Case Study
A talk by Tom Woodward (GHD) at the MarkMonitor Spring Symposium 2011 highlighted that they have seven people working full time on stopping the sale of counterfeit goods. In the last 12 months they have stopped 7,500 websites selling fake GHD goods. That’s just one brand working on a single product type, and it’s working too.
A search for GHD on Google UK (performed on 11/04/11) brought up an entire list of sites in the organic and paid listings that were valid. The results did contain several notes from Google that sites had been removed “In response to a complaint we received under the US Digital Millennium Copyright Act,” which again is a positive indicator of the work being done. You can also compare websites at bewareoffakes.ghdhair.com/ to find out which sites are real, and it’s positive to see a brand making a difference.
Given that GHD seem to be doing all they can, Tom also suggested that in the future a “higher onus of responsibility must be placed on internet platforms and payment providers”. This seems understandable as it’s hard to see any other methods GHD could use to control the marketplace.
What Can Distributors / Platforms Do?
AWeber / Mail Chimp Case Study
For some companies email marketing rules are nothing more than guidelines that can be ignored. They assume they’ll never get caught and, frustratingly, most don’t. Based on this it’s good to see that both Mail Chimp and AWeber have strict rules in place that take away the opportunity for scam content.
By default AWeber do not allow forward-to-a-friend buttons, so all spam is kept just to the original user, and both platforms will ban anyone sending emails with a high unsubscribe rate. In addition you’re forced to include a postal address, adding another layer of trust for customers who receive these emails.
If a brand isn’t sending their email marketing via a large provider, you have to wonder whether they have obeyed the CAN-SPAM guidelines. Big brands must pair with email providers who have a track record, and who respect these guidelines.
eBay / Tiffany & Co Case Study
No online platform has been given more accusations of allowing people to sell counterfeit goods than eBay. Their open platform for trading allows people to sell anything to anyone, and this has been abused time and time again by scam artists. Although eBay do have systems in place, brands have accused them of not doing enough; this included the high-profile case of Tiffany (NJ) Inc et al v. eBay Inc, which resulted in the following decision:
“Tiffany failed to establish that eBay intentionally set out to deceive the public, much less that eBay’s conduct was of an egregious nature sufficient to create a presumption that consumers were being deceived,” the judge wrote. – Reuters
Although Tiffany felt eBay were allowing both the trade of fake goods, and encouraging people to purchase them via AdWords adverts, the court did not agree. In a further ruling the case was stacked in eBay’s favour:
“the U.S. Second Circuit Court of Appeals had upheld Sullivan’s July 2008 dismissal of most of Tiffany’s lawsuit, saying that ‘eBay did not itself sell counterfeit Tiffany goods; only the fraudulent vendors did.’” – Reuters
Following this logic it is the job of brands and not the online marketplaces to detect fraud and stop it. It’s not just Tiffany & Co who have fought this battle either. Rolex, L’Oréal and Louis Vuitton have all fought against eBay with varying results.
Policing the millions of items listed daily is a daunting task and as such it is unsurprising that eBay have tried to pass the responsibility for this on to brands and customers. They implemented a Verified Rights Owner (VeRO) Programme which allows brands to monitor their listings and get counterfeits removed. Customers can also report fakes, and the eBay buyer protection promise is generally strong.
However with counterfeits growing in quality, it’s hard to see how brands themselves, customers or eBay can spot counterfeits by trawling online listings and just looking at photos and text. This information could be pulled from official websites, and it’s only when the finished product is received that the problem can be spotted.
What Can Customers Do?
Amazon Case Study
This weekend was the first taste I got of being hacked (at least that I knew of). My wife’s Amazon account was broken into and several purchases made in her name. She awoke on Sunday morning to find the fake purchases in her email, and we promptly called Amazon to make them aware. After making ten purchases the spammer had changed the email address on file, and so we couldn’t log in to make any changes.
Amazon were very helpful, and had spotted the issue before we had (10 orders in 10 minutes must have rung a few alarm bells), and promptly closed the account. No money was lost, and all we had to do was make a new account.
This was quite a wake-up call and caused us to rethink our own online purchasing. Had the spammer changed the email straight away, and made purchases over a longer period, it’s hard to see how we would have spotted the issue, or whether it would have tripped any alarms with Amazon. We did get an email to say the login details had been changed, but if we didn’t check that email account online that would have been a major problem. All of these issues are our fault, but typical of standard customer behaviour online. So to ensure people are protecting themselves here are some extra steps:
• Don’t be naive, anyone can get scammed
• Only ever keep one card on file with an online store (none if possible)
• Make purchases with a credit card
• Only have one email address for everything you order online
• Read reviews of both the vendor and product before buying
• Only use https sites
• Use official retailer websites where possible
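The two takeover patterns from the Amazon account above, as an added example that is not part of the original post and not Amazon's actual logic: a rule for the order burst that was caught, and a second rule for the slower variant where the email is changed first. The thresholds, event names and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BURST_COUNT = 5                          # assumed threshold: orders per window
BURST_WINDOW = timedelta(minutes=10)
HOLD_AFTER_CHANGE = timedelta(days=7)    # assumed review period after email change


def parse(events):
    """Group (timestamp, account, kind) rows per account, oldest first."""
    by_acct = defaultdict(list)
    for ts, acct, kind in events:
        by_acct[acct].append((datetime.strptime(ts, "%Y-%m-%d %H:%M"), kind))
    for rows in by_acct.values():
        rows.sort()
    return by_acct


def flag_accounts(events):
    """Return {account: set of reasons} for accounts that need review."""
    flags = defaultdict(set)
    for acct, rows in parse(events).items():
        orders = [t for t, k in rows if k == "order"]
        changes = [t for t, k in rows if k == "email_change"]
        # Rule 1: burst of orders, the pattern that was caught in the post.
        for i in range(len(orders) - BURST_COUNT + 1):
            if orders[i + BURST_COUNT - 1] - orders[i] <= BURST_WINDOW:
                flags[acct].add("order_burst")
                break
        # Rule 2: an order placed soon after the contact email changed,
        # which catches the slow variant that never trips rule 1.
        if any(c <= o <= c + HOLD_AFTER_CHANGE for c in changes for o in orders):
            flags[acct].add("order_after_email_change")
    return dict(flags)


# Constructed events: acct-A mirrors the post (10 orders in 10 minutes, then
# an email change); acct-B is the slow variant; acct-C is ordinary use.
EVENTS = (
    [(f"2011-04-10 03:{m:02d}", "acct-A", "order") for m in range(10)]
    + [("2011-04-10 03:11", "acct-A", "email_change")]
    + [("2011-04-01 09:00", "acct-B", "email_change")]
    + [(f"2011-04-0{d} 14:00", "acct-B", "order") for d in (2, 4, 6)]
    + [("2011-03-01 12:00", "acct-C", "order"), ("2011-04-05 12:00", "acct-C", "order")]
)
```

Rule 2 is deliberately broad: it would normally trigger a step-up check or a confirmation sent to the previous email address rather than an account closure.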
Based on all the market signals above it is very clear that brands have a corporate responsibility to protect customers from scam artists and fake goods. Given that “1 in 4 active Internet users visit piracy sites once a month” (Irfan Salim – Evolving brand protection landscape) we can no longer assume that customers are getting smarter at spotting scams. If anything the scam artists are getting smarter; they’re creating better looking websites, finding new ways to hide themselves and moving at such a rapid pace it’s hard for brands to keep up.
But there is hope. The work GHD and Links of London have been able to achieve is encouraging, and although they’ve been the victim of lawsuits, eBay do take a lot of steps to protect customers or refund them if they are conned. Whilst it seems unlikely the problem will go away entirely, every time a brand stops a scam site or protects their brand they are saving a customer from being scammed. It also sends a message to the scam artists that the brand is watching, which can help deter others in the future. It may seem like a sticking plaster solution, but it’s better than taking no action and allowing the problem to grow.