COVID-19 and the rise in online brand abuse
New research carried out by CSC Digital Brand Services, an online brand security company, has identified 325k domains that conduct malicious activities and enable brand abuse, 68% of which were related to COVID-19 treatment, testing and tracking. Chief technology officer Ihab Shraim tells us what this means for the healthcare sector.
What exactly is brand abuse?
Brand abuse is any use or misuse of a brand name by an unauthorised third party in a way that either causes damage to the brand and/or creates financial benefits for the infringer, also called "bad-actor". This can include misdirection of online web traffic, and falsely claiming an affiliation so as to add credibility to online goods, including fake sites and e-commerce sites selling counterfeits.
How widespread was this problem before the pandemic?
Before COVID-19, brand abuse was an unexpectedly common challenge for brands. It's been around in a number of different forms and online channels for at least the last 20 years. Brand abuse impacts all industries, has an extremely widespread ecosystem and a growing infringement economy to support itself. Previous studies have shown a counterfeit economy valuing at over $500 billion, with expectations to continue growing upwards. With an internet economy of around $4 trillion, abuse such as revenue leakage and grey market distribution continues to be an all-too common challenge for brands.
How has the pandemic impacted online brand abuse?
Once the pandemic began, many companies who weren’t previously online had to quickly shift their focus to developing new platforms to reach their consumers. As companies grew their online presence, their risk of online brand abuse increased due to their exposure to an intertwined ecosystem of brand and fraud abuse. Fraudulent campaigns, fake websites, and counterfeits goods all allow bad actors to steal and abuse brands. Similarly, the growth in people working from home and the increase of their use of online channels essentially provided an incubator to engage people in various forms of online fraud, generally unknowingly to those consumers.
The pandemic allowed for many of these campaigns to operate continuously. As events unfolded, for example, we initially saw an increase in fake testing and kits, followed by false cures, and eventually fraudulent government stimulus checks. Scams followed that associated with the use of video conferencing software, use of other COVID-related ‘hooks’ to engage people looking for information, reassurance or protective equipment, and abuse of names of trusted organisations to lend credibility to scams and spread of false information.
What are the most common forms of brand abuse in the healthcare sector?
Scams associated with COVID-19, such as fake COVID test-kits, vaccinations and cures, as well as fake email campaigns, heatmap statistics and reports with linked hyperlinks to malware that harvest credentials. Also brand seeding and association, incorrectly branded oxygen tanks and breathing apparatus, and misuse of branded drug references.
What can organisations do to mitigate brand infringement?
An organisation needs to ensure it is implementing the following proven recommendations across multiple platforms:
⦁ Track and monitor their online brand presence
⦁ Subscribe to services that provide an early detection and analysis of critical threat vectors targeting the Domain Name Portfolio (ex. phishing, DNS hijacking, sub-domain-names, etc.)
⦁ Work with a global secured registrar to protect the online Domain Name Portfolio
⦁ Work with a global enforcement company that will mitigate these threat vectors
Can you share some highlights from your recent research into online brand abuse?
Over 325,000 COVID-related domains were registered across the monitoring period, and we identified over 600 individual online stores purporting to offer the sale of "cures". Of the set of active websites categorised as brand scams:
⦁ 36% were related to COVID treatments
⦁ 32% pertained to tracking-and-testing
⦁ 31% featured e-commerce content
⦁ and 1% fraudulently made use of the name of a health organisation to lend credibility to the site
NHSX releases new data plans, experts call for transparency
Patients in England will get "greater control" over their health and care data according to new proposals set out by the government.
In a new draft strategy called "Data saves lives: reshaping health and social care with data", Health and Social Care Secretary Matt Hancock says that more effective use of data will deliver better patient-focused care. "This strategy seeks to put people in control of their own data, while supporting the NHS in creating a modernised system fit for the 21st century which puts patients and staff in pole position."
Under the new plans people will be able to access their medical records from different parts of the health system through different applications, to access test results, medication lists, procedures and care plans.
The strategy, published by NHSX, the government department that sets policies for the use of technology within the NHS, follows delays to the creation of a central database of patient records amid concerns over data sharing and a lack of transparency, with critics saying that only a small proportion of the public were made aware of the plans and the choice to opt out.
Kevin Curran, senior member of The Institute of Electrical and Electronics Engineers (IEEE) and Professor of Cybersecurity at the University of Ulster, says that moving health records online raises concerns. "The move to an online app does seem like a natural progression, however there is a difference between having computerised records within our healthcare IT infrastructure and having those records reside on a public facing server.
"Having records inhouse limits the range and type of access – it's far more difficult for remote hackers" Curran said. "There are techniques that healthcare organisations can use to reduce the risk of future data breaches. One way is to make it ‘opt in’, so patients have the choice to decide whether their medical information is moved to a public facing service so that they can access it.
"However, those who do not opt in or download the app instead should have their records hosted in a non-public-facing cloud service. This way, if a data breach does occur, those who never used the app, or not wanted to, will not have had their details released."
The new strategy has been welcomed by some, with an emphasis on the need for transparency. Adam Steventon, Director of Data Analytics at the Health Foundation, said: "Health data has played a critical role in the last year – from tracking COVID-19 outbreaks and developing treatments, to getting people booked in for their vaccines. It is critical that the use of data is accelerated if the NHS is to tackle the backlog of care and address the massive health challenges facing the country.
"It is particularly positive that the government has committed to building analytical and data science capability in the NHS and to improving data on social care. To ensure the full potential of data can be realised, the government must ensure transparency on how it will be used and the rights and options people have, as well as engaging with the public and health care professionals to build trust and show people how their data can improve the NHS and save lives."