
Digital Risk Dictionary (for businesses and consumers)

By Andre Luiz R. Silva

One-click purchasing and email marketing are just two indications of the new online consumption era, which also includes digital security trends. These days, companies in fact strive to protect the consumer’s shopping journey, removing obstacles and dangers. To put this scenario into perspective, a good first step is to understand it. That’s why we have compiled a dictionary of current digital risks.

 

Digital risks: why you should be concerned


A digital risk that affects brands and consumers is one that causes financial damage—sometimes in the millions—and that is outside the perimeters of the company’s operations. In technical terms, this represents everything that goes on “outside” the firewall protection. 

With this in mind, let’s take a look at three key concepts that are significant in the field of digital security. Then you will be able to grasp the full extent of the 21 threats and terms, grouped into four types.


Firewall

A device that evaluates data entering and leaving a network according to specific criteria, providing control and protection. There are a variety of types, and it has become indispensable in managing security incidents.


Digital Risk Protection

The part of security that acts outside the firewall’s perimeter, mitigating digital risk. It is based on awareness that the consumer’s journey can be affected by countless cybercriminals and fraudsters at all levels of the Internet, therefore requiring programs for monitoring and response.


Digital compliance

Compliance is risk management (of every kind) in business management. In its digital and online aspects, it requires a very proactive and attentive stance toward internal and external security problems, which are covered by a Digital Risk Protection solution.

 

Digital fraud and data capture


Phishing

A fake and fraudulent website created to capture personal data, such as passwords and credit card numbers.

Spear phishing: a type of phishing attack that’s directed toward a specific person or company.


Malware

Malicious software created to alter, damage or collect data from a user or system.


Command and Control (C&C)

A server that controls computers infected by malware, thereby stealing data and disseminating the fraud.


Redirect

A URL that redirects the user to a phishing scam, malware or other malicious artifact.


Pharming

Manipulation of the Domain Name System (DNS) to capture data. The name is derived from “phishing” + “farming.” It can occur in two ways:

  • Rogue DNS: A DNS server created for malicious purposes to steer users to a fake website. Normally configured through malware or by an external attack on a vulnerable router;
  • DNS Poisoning: poisoning of a DNS that sends many users to a fake website.

 

Fake coupon/promo code

Websites that collect data and require sharing with other users in exchange for “promotions.”


PAC (Proxy Auto-Config)

Proxy alterations in the browser that lead to a phishing attack.


Proxy Scam

Malicious proxy configured via malware in the browser or operating system.

 

Misuse or fraudulent use of a brand


Fake social media profiles

Pages that misuse brand names, customers and/or images. They disseminate fraud, fake employment opportunities and phishing.


Similar domain names

Websites registered using cybersquatting. Due to their similarity to legitimate names, these are likely to host malicious content.


Fraudulent apps

Cellphone apps using the brand in official stores can lead to phishing attacks or malware. But unofficial stores, which offer outdated versions of a legitimate app, are even more dangerous, since outdated apps may contain security flaws. 


Digital fraud

Fake finance company pages that are aimed at collecting personal information or deceiving potential clients with “fees” for credit clearance. This fraud can occur through the use of a brand and/or data such as a registered federal Employer Identification Number.


Digital piracy and unauthorized sales

Illicit online marketing of counterfeit products or products sold through unofficial vendors. This type of scam is predominant in e-commerce marketplace websites (including those in social networks).

 

Data leakage


Wrongful exposure of confidential data, from businesses or consumers, in online environments. It occurs on the surface web as well as on the deep and dark web. The data leaked is primarily:


In protecting against data leakage, there are four key terms:


Hash

The result of the application of a mathematical function to any content—such as passwords. It is done to avoid clear and direct text storage, encrypting it and ensuring greater security. That way, when a password is entered on a website that uses this type of system, the data is transformed into a hash and compared with the one that was previously stored.


BIN

A credit card’s first six digits, representing the issuer or bank, used for identifying the data.


CC

Acronym for “credit card.” It is the complete number on the front of the card.


CVV or CVV2

Acronym for Card Verification Value. It is the three-digit number on the back of the card. It’s a code that works as a password in online transactions.

 

Risks on the deep and dark web


Inaccessible through search and indexing mechanisms, the deep web is marked by risks, primarily data leaks. The same scenario occurs on the dark web, which is accessed by specific browsers such as the Tor network.

Threat Intelligence: the strategic understanding of the profile and the threat context of an organization, both internal and external, which helps prevent attacks and enables swift and competent response should an attack ever occur. This includes, above all, monitoring the deep and dark web.


In addition to data leaks, two other risks related to the deep and dark web should also be defined, as they may not be so obvious:


Checker

Platforms created by cybercriminals for batch testing of captured and/or leaked data. These are used to quickly obtain functional passwords and credit cards—without tracking.

Credential stuffing: the practice of using checkers on passwords. It’s based on the theory that users will generally use the same password more than once. In other words, it’s a way to test one key in several doors.


Fake screens

Fake pages that can result in phishing attacks. These are sold in packages so that a scammer can carry out the website’s complete “administration.” Also known as “phishing kits.”

 

Caring for the business-client relationship


Considering all the digital risks that you’ve seen above, it’s undeniable that today’s consumer faces an online journey that is full of threats.

Axur’s Digital Risk Protection products employ thousands of bots and artificial intelligence technologies to ensure adequate protection against a multitude of threats. These are helpful solutions for protecting the trust relationship you’ve built with your clients:


GUEST EXPERT

Eduardo Schultze, Coordinator of Axur's CSIRT, holds a degree in Information Security from UNISINOS – Universidade do Vale do Rio dos Sinos. He has worked since 2010 on fraud involving the Brazilian market, mainly phishing and malware.

AUTHOR

Andre Luiz R. Silva

A journalist working as Content Creator at Axur, in charge of Deep Space and press activities. I have also analyzed lots of data and frauds here as a Brand Protection team member. Summing up: working with technology, information and knowledge together is one of my biggest passions!