When Malware Plagues Brands

This week, FairWinds published a paper that was the culmination of research into the prevalence of malware among typos of popular websites’ domain names. We discovered that hundreds of these sites expose users to computer-infecting viruses, invasive spyware, or information-stealing Trojan horses.

Typically when we study typosquatting, we focus on the fact that the typographical errors that Internet users make while typing in the domain names of popular websites can cost the companies behind those sites millions of dollars in lost revenue and unnecessary advertising fees. However, in this most recent investigation, we found that users are at risk as well.

In total, we found instances of typo domain names that spread malware across the sites of 82 major brands. These include brands like Google, Microsoft, USA Today, The New York Times, AutoTrader.com and Travelocity.

When a cybercriminal exploits a recognizable and trusted brand name to spread malware, it can be extremely misleading to Internet users, and we have found that they may direct their anger toward the company in question. The FBI backs up these findings:

“We see it all the time,” says Supervisory Special Agent Charles Pavelites of the Internet Crime Complaint Center (IC3). “People believe what they see on the Internet and in emails. If a consumer visits a copycat site hosting malware that looks like it belongs to a legitimate company, he or she is more likely to believe that whatever harm is incurred is the company’s fault.”

When it comes down to it, brand owners must be diligent about enforcing their brands in the domain space and protecting their customers. When malware is involved, that goes beyond protecting against monetary losses to protecting customers and delivering the best online experience, while protecting brand equity in the process.