Home / Blogs

Phishing Costs Companies over $411 Million per Alert

Alex Tajirian

Phishing blindsides businesses' best defenses and takes a toll whose price tag still hasn't been pinned down. Here's one estimate: $441 million per attack, according to a recent study of the cybercrime's effect on stock market data (market value, volume of shares traded, and stock volatility) of global firms. The authors use "event studies" techniques (i.e., analyzing the impact of specific types of events on companies' market performance) to analyze nearly 2,000 phishing alerts (emails sent to customers of public companies, or warnings about phony websites trying to dupe customers) by 259 companies in 32 countries over a recent four-year period. (Two side notes: the study finds that phishing hits financial companies the worst, and that it takes a bigger toll on foreign companies' stock prices than on U.S. companies'.)

The authors say their estimate may be on the low side because the study leaves out the targeted companies' indirect costs: providing additional support to victims of the crime, dealing with angry customers, and losing potential customers because of bad publicity.

To counter phishing, the authors say, companies should:

  • Use technology and systems that make it harder to clone their websites at all or that cause duplicates to be easy to spot (because their logos or other design elements will be of poorer quality).
  • Use digital watermarks to validate the legitimacy of their emails and websites.
  • Monitor website traffic.
  • Scan the Internet for fraudulent websites.
  • Join forces with the many anti-phishing organizations that have recently emerged.
  • Work with other ISPs to take down phony sites as soon as possible.
  • Educate their customers about dangers and warning signs of phishing attempts.
  • Concerns about phishing can particularly dampen the demand for financially-oriented new gTLDs such as .BANK, .FINANCE, .INSURANCE, and for .Brands such as .BOFA and .FIDELITY. This wariness may have played a part in the dismal performance of the new gTLDs program.

For its part, the domain name industry should be more proactive in fighting phishing, especially schemes that involve typo domain names. For one thing, the Trademark Clearinghouse (TMCH) database can be expanded to include brand-name typos, whereby before a domain name's registration is finalized, a warning is flashed that the desired name may be a trademark violation and that the mark holder may legally request that you surrender the domain name with no compensation. If the warning is ignored and the registration is completed, the mark owner is notified. Of course, such an automatic right for mark owners requires new legal authorization, but makes it more expensive for infringing registrants. However, the added cost of monitoring by mark owners will be negligible compared to their benefits.

By Alex Tajirian, CEO at DomainMart
Follow CircleID on
Related topics: Cybersecurity, New TLDs
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

Cybersecurity

Sponsored byVerisign

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias

Whois

Sponsored byWhoisXML API