By Jack Ellis
July 31 2012
The Anti-Phishing Working Group (APWG) has released its report on phishing trends during the first quarter of 2012. While brand owners have become increasingly vigilant in their defence against phishing, the perpetrators have likewise grown more sophisticated, making it crucial that brand owners continually review their online protection strategies.
The APWG conducted its study by collecting data from its member companies and global research partners, and through email submissions from other organisations. According to the findings, the first three months of 2012 saw a record number of brands hijacked for phishing purposes. During February and March, a total of 392 organisations reported that their brands had been used by online fraudsters – an increase of 8% from the previous high recorded in December 2011. Speaking to the Information Security Media Group (ISMG), Peter Cassidy, secretary-general of the APWG, suggested that the increase reflected the phishers targeting a more diverse range of brands for hijacking. “They are diverging from the big brands that tended to be the focus of their efforts early on,” he said. “Now it seems that no kind of enterprise is safe from phishing.”
Brian Winterfeldt, partner at Steptoe & Johnson, agrees that those engaging in phishing have become increasingly sophisticated in both their approach to consumers and their presentation. “In the past, phishing emails appeared to come primarily from financial services organisations, linking consumers to pages where they would be prompted to enter personal account details,” he notes. “Today, however, these bad actors are finding alternative approaches, such as purporting to link to reservation information, package delivery details or coupons, and may request bank information under the guise of offering a refund.” Furthermore, Winterfeldt adds that phishing websites have become more adept at copying logos and other design details, appearing virtually identical to genuine websites and causing the consumer significant problems in distinguishing between authentic brand communications and phishing attempts. “These emails are often able to replicate branding elements with alarming accuracy,” he warns.
As well as diversifying their targets, the APWG findings suggest fraudsters have also changed their strategies to try to overcome measures that have previously been fairly effective against them. The report shows a significant spike in unique phishing sites during February – another all-time high – with figures remaining consistent throughout the first quarter, which the report says indicates sustained phishing activity. “The unique phishing sites statistic is really about the efficiency of the bad guys in deploying vast numbers of sites, sometimes in single campaigns, to make it more difficult for the good guys to take them down,” Cassidy explained to the ISMG. “It speaks more to their strategies, which are continuing to get more efficient all the time in terms of effectively clouding their actions through vast amounts of activity.”
It is nigh on impossible for trademark counsel and their colleagues to actually stop such a vast number of phishing emails being sent to consumers. However, Winterfeldt suggests that there is another strategy that brands can adopt in their battle against internet-bound fraud. “The best weapon against phishing harms is consumer awareness,” he says. “Brand owners, regardless of size or industry, should communicate clearly to their customers the types of information they may and may not request via email.” This will help consumers to identify when a communication is genuinely from the brand or otherwise. “Furthermore, as a great deal of phishing is conducted through email links, organisations communicating with consumers through email may wish to minimise links in their official emails,” Winterfeldt adds. Brands can also benefit by offering their customers easy-to-use reporting mechanisms when they suspect phishing. After all, the APWG study only picks up on those instances of phishing that have been identified and reported – what about all the brands that have no idea their IP is being misappropriated for fraudulent purposes?
As well as keeping up-to-date with the latest phishing trends, in-house and outside counsel should continue to work with email service providers to investigate and block parties engaging in such activity, where possible. By taking these measures, companies can continue to stay a step ahead of infringers and reduce the potential negative impact that online fraud perpetrated by third parties can have on brand equity.