Home / Blogs

Phishing Costs Companies over $411 Million per Alert

Phishing blindsides businesses' best defenses and takes a toll whose price tag still hasn't been pinned down. Here's one estimate: $441 million per attack, according to a recent study of the cybercrime's effect on stock market data (market value, volume of shares traded, and stock volatility) of global firms. The authors use "event studies" techniques (i.e., analyzing the impact of specific types of events on companies' market performance) to analyze nearly 2,000 phishing alerts (emails sent to customers of public companies, or warnings about phony websites trying to dupe customers) by 259 companies in 32 countries over a recent four-year period. (Two side notes: the study finds that phishing hits financial companies the worst, and that it takes a bigger toll on foreign companies' stock prices than on U.S. companies'.)

The authors say their estimate may be on the low side because the study leaves out the targeted companies' indirect costs: providing additional support to victims of the crime, dealing with angry customers, and losing potential customers because of bad publicity.

To counter phishing, the authors say, companies should:

  • Use technology and systems that make it harder to clone their websites at all or that cause duplicates to be easy to spot (because their logos or other design elements will be of poorer quality).
  • Use digital watermarks to validate the legitimacy of their emails and websites.
  • Monitor website traffic.
  • Scan the Internet for fraudulent websites.
  • Join forces with the many anti-phishing organizations that have recently emerged.
  • Work with other ISPs to take down phony sites as soon as possible.
  • Educate their customers about dangers and warning signs of phishing attempts.
  • Concerns about phishing can particularly dampen the demand for financially-oriented new gTLDs such as .BANK, .FINANCE, .INSURANCE, and for .Brands such as .BOFA and .FIDELITY. This wariness may have played a part in the dismal performance of the new gTLDs program.

For its part, the domain name industry should be more proactive in fighting phishing, especially schemes that involve typo domain names. For one thing, the Trademark Clearinghouse (TMCH) database can be expanded to include brand-name typos, whereby before a domain name's registration is finalized, a warning is flashed that the desired name may be a trademark violation and that the mark holder may legally request that you surrender the domain name with no compensation. If the warning is ignored and the registration is completed, the mark owner is notified. Of course, such an automatic right for mark owners requires new legal authorization, but makes it more expensive for infringing registrants. However, the added cost of monitoring by mark owners will be negligible compared to their benefits.

By Alex Tajirian, CEO at DomainMart

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

 Be the first to post a comment!

Add Your Comments

 To post your comments, please login or create an account.

Related

Topics

Domain Names

Sponsored byVerisign

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byIPv4.Global

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byAppdetex

Whois

Sponsored byWhoisXML API

Cybercrime

Sponsored byThreat Intelligence Platform