One-click purchasing and email marketing are just two indications of the new online consumption era, which also includes digital security trends. These days, companies in fact strive to protect the consumer’s shopping journey, removing obstacles and dangers. To put this scenario into perspective, a good first step is to understand it. That’s why we have compiled a dictionary of current digital risks.
Digital risks: why you should be concerned
A digital risk that affects brands and consumers is one that causes financial damage—sometimes in the millions—and that is outside the perimeters of the company’s operations. In technical terms, this represents everything that goes on “outside” the firewall protection.
With this in mind, let’s take a look at three key concepts that are significant in the field of digital security. Then you will be able to grasp the full extent of the 21 threats and terms, grouped into four types.
Firewall
A device that evaluates the entrance and exit of data in a network according to specific criteria, providing control and protection. There are a variety of types, and it has become indispensable in managing security incidents.
Digital Risk Protection
The part of security that acts outside the firewall’s perimeter, mitigating digital risk. It is based on awareness that the consumer’s journey can be affected by countless cybercriminals and fraudsters at all levels of the Internet, therefore requiring programs for monitoring and response.
Compliance is risk management (of every kind) in business management. In its digital and online aspects, it requires a very proactive and attentive stance toward internal and external security problems, which are covered by a Digital Risk Protection solution.
Digital fraud and data capture
Phishing
A fake and fraudulent website created to capture personal data, such as passwords and credit card numbers.
Spear phishing: a type of phishing attack that’s directed toward a specific person or company.
Malware
Malicious software created to alter, damage or collect data from a user or system.
Command and Control (C&C)
A server that controls computers infected by malware, thereby stealing data and disseminating the fraud.
A URL that redirects the user to a phishing scam, malware or other malicious artifact.
Pharming
Manipulation of the Domain Name System (DNS) to capture data. The name is derived from “phishing” + “farming.” It can occur in two ways:
- Rogue DNS: A DNS server created for malicious purposes to steer users to a fake website. Normally configured through malware or by an external attack on a vulnerable router;
- DNS Poisoning: poisoning of a DNS that sends many users to a fake website.
Fake coupon/promo code
Websites that collect data and require sharing with other users in exchange for “promotions.”
PAC (Proxy Auto-Config)
Proxy alterations in the browser that lead to a phishing attack.
Malicious proxy configured via malware in the browser or operating system.
Misuse or fraudulent use of a brand
Fake social media profiles
Pages that misuse brand names, customers and/or images. They disseminate fraud, fake employment opportunities and phishing.
Similar domain names
Websites registered using cybersquatting. Due to their similarity to legitimate names, these are likely to host malicious content.
Cellphone apps using the brand in official stores can lead to phishing attacks or malware. But unofficial stores, which offer outdated versions of a legitimate app, are even more dangerous, since outdated apps may contain security flaws.
Fake finance company pages that are aimed at collecting personal information or deceiving potential clients with “fees” for credit clearance. This fraud can occur through the use of a brand and/or data such as a registered federal Employer Identification Number.
Digital piracy and unauthorized sales
Illicit online marketing of counterfeit products or products sold through unofficial vendors. This type of scam is predominant in e-commerce marketplace websites (including those in social networks).
Data leakage
Wrongful exposure of confidential data, from businesses or consumers, in online environments. It occurs on the surface web as well as on the deep and dark web. The data leaked is primarily:
- Application codes
- Credit cards
- Credentials and passwords
- Personal information
- Executives’ information
In protecting against data leakage, there are four key terms:
Hash
The result of applying a mathematical function to any content, such as a password. It is done to avoid storing the content as clear text: only the transformed value is kept, which ensures greater security. That way, when a password is entered on a website that uses this type of system, the data is transformed into a hash and compared with the one that was previously stored.
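The store-and-compare flow described above, as an added Python example (not Axur's code): passwords are kept only as salted PBKDF2 digests, and the same comparison is reused to check whether a leaked credential pair still matches a live account. The accounts, passwords, leak lines and iteration count are constructed assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest); draws a fresh random salt when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-hash the submitted password with the stored salt, compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)

def exposed_accounts(user_store: dict, leaked_pairs: list) -> list:
    """Logins whose current password appears in the leak and should be reset."""
    hits = set()
    for login, leaked_password in leaked_pairs:
        record = user_store.get(login.lower())
        if record and verify_password(leaked_password, *record):
            hits.add(login.lower())
    return sorted(hits)

# Constructed sample data: the store holds only (salt, digest), never the password.
USER_STORE = {
    "ana@example.com": hash_password("correct horse battery"),
    "bob@example.com": hash_password("Winter2024!"),
}
LEAKED_PAIRS = [  # constructed pairs, as they might be parsed from a leaked list
    ("bob@example.com", "Winter2024!"),     # still the live password
    ("ana@example.com", "old-password-1"),  # stale, no longer valid
    ("eve@example.com", "whatever"),        # not one of our accounts
]

if __name__ == "__main__":
    print(exposed_accounts(USER_STORE, LEAKED_PAIRS))
```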
BIN
A credit card’s first six digits, representing the issuer or bank, used for identifying the data.
CC
Acronym for “credit card.” It is the complete number on the front of the card.
CVV or CVV2
Acronym for Card Verification Value. It is the three-digit number on the back of the card. It’s a code that works as a password in online transactions.
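An added example, not part of the original article or of Axur's products: scanning leaked text for card numbers that carry one of your company's BINs, validating each candidate with the Luhn checksum and masking it before it is reported. The BINs and card numbers are public test values and the leak text is constructed.

```python
import re

# Runs of 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_valid(number: str) -> bool:
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(number: str) -> str:
    """Keep the BIN (first six) and last four digits, hide the rest."""
    return number[:6] + "*" * (len(number) - 10) + number[-4:]

def find_leaked_cards(text: str, company_bins: set) -> list:
    """Masked card numbers in `text` that pass Luhn and start with one of our BINs."""
    found = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if digits[:6] in company_bins and luhn_valid(digits):
            found.append(mask(digits))
    return found

COMPANY_BINS = {"411111", "555555"}  # assumed BINs (from public test numbers)

# Constructed leak excerpt; none of these are real cards.
SAMPLE_LEAK = """\
row1|4111 1111 1111 1111|J DOE
row2|5555-5555-5555-4444|A ROE
row3|4111111111111112|bad checksum, ignored
row4|4242424242424242|valid, but another issuer's BIN
order-id 20240101123456789012345
"""

if __name__ == "__main__":
    print(find_leaked_cards(SAMPLE_LEAK, COMPANY_BINS))
```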
Risks on the deep and dark web
Inaccessible through search and indexing mechanisms, the deep web is marked by risks, primarily data leaks. The same scenario occurs on the dark web, which is accessed through specific software such as Tor.
Threat Intelligence: the strategic understanding of the profile and the threat context of an organization, both internal and external, which helps prevent attacks and enables swift and competent response should an attack ever occur. This includes, above all, monitoring the deep and dark web.
In addition to data leaks, two other risks related to the deep and dark web should also be defined, as they may not be so obvious:
Checkers
Platforms created by cybercriminals for batch testing of captured and/or leaked data. These are used to quickly obtain working passwords and credit cards without being traced.
Credential stuffing: the practice of using checkers on passwords. It’s based on the theory that users will generally use the same password more than once. In other words, it’s a way to test one key in several doors.
Fake pages that can result in phishing attacks. These are sold in packages so that a scammer can carry out the website’s complete “administration.” Also known as “phishing kits.”
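An added example for the defender's side of credential stuffing (not from the original article): flag any source that tries many different accounts within a short window, and list the accounts where the reused password worked so they can be reset. The thresholds and login events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed tuning values; adjust to real traffic
MIN_DISTINCT_USERS = 4

def detect_stuffing(events):
    """events: (iso_time, source_ip, username, success) tuples.
    Returns {source_ip: [usernames that logged in successfully]} for every source
    that tried MIN_DISTINCT_USERS or more different accounts within WINDOW."""
    by_source = defaultdict(list)
    for ts, ip, user, ok in events:
        by_source[ip].append((datetime.fromisoformat(ts), user, ok))
    flagged = {}
    for ip, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most WINDOW.
            while rows[end][0] - rows[start][0] > WINDOW:
                start += 1
            users = {u for _, u, _ in rows[start:end + 1]}
            if len(users) >= MIN_DISTINCT_USERS:
                flagged[ip] = sorted({u for _, u, ok in rows if ok})
                break
    return flagged

# Constructed login events (documentation IP ranges, invented usernames).
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:01", "203.0.113.7", "alice", False),
    ("2024-05-01T10:00:02", "203.0.113.7", "bob", False),
    ("2024-05-01T10:00:03", "203.0.113.7", "carol", True),   # reused password worked
    ("2024-05-01T10:00:04", "203.0.113.7", "dave", False),
    ("2024-05-01T10:00:05", "203.0.113.7", "erin", False),
    ("2024-05-01T10:01:00", "198.51.100.20", "frank", False),  # one user, a typo
    ("2024-05-01T10:01:20", "198.51.100.20", "frank", True),
    ("2024-05-01T10:02:00", "192.0.2.10", "gina", True),       # shared office address
    ("2024-05-01T10:03:00", "192.0.2.10", "hal", True),
    ("2024-05-01T10:04:00", "192.0.2.10", "ivy", True),
]

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_EVENTS))
```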
Caring for the business-client relationship
Considering all the digital risks that you’ve seen above, it’s undeniable that today’s consumer faces an online journey that is full of threats.
Axur’s Digital Risk Protection products employ thousands of bots and artificial intelligence technologies to ensure adequate protection against a multitude of threats. These are helpful solutions for protecting the trust relationship you’ve built with your clients:
- Digital Fraud Discovery: protection against digital fraud and data capture
- Digital Brand Compliance: for proper brand protection
- Sales Abuse Discovery: to avoid wrongful sales and/or digital piracy
- Data Leakage Discovery: to respond to data leakage on the surface web
- Threat Intelligence Discovery: to scan the deep and dark web
- Hashcast™: monitoring of leaked corporate credentials
- Cardcast™: monitoring of credit cards leaked with your company’s BINs