Home / Blogs

Phishing Costs Companies over $411 Million per Alert

Phishing blindsides businesses’ best defenses and takes a toll whose price tag still hasn’t been pinned down. Here’s one estimate: $441 million per attack, according to a recent study of the cybercrime’s effect on stock market data (market value, volume of shares traded, and stock volatility) of global firms. The authors use “event studies” techniques (i.e., analyzing the impact of specific types of events on companies’ market performance) to analyze nearly 2,000 phishing alerts (emails sent to customers of public companies, or warnings about phony websites trying to dupe customers) by 259 companies in 32 countries over a recent four-year period. (Two side notes: the study finds that phishing hits financial companies the worst, and that it takes a bigger toll on foreign companies’ stock prices than on U.S. companies’.)

The authors say their estimate may be on the low side because the study leaves out the targeted companies’ indirect costs: providing additional support to victims of the crime, dealing with angry customers, and losing potential customers because of bad publicity.

To counter phishing, the authors say, companies should:

  • Use technology and systems that make it harder to clone their websites at all or that cause duplicates to be easy to spot (because their logos or other design elements will be of poorer quality).
  • Use digital watermarks to validate the legitimacy of their emails and websites.
  • Monitor website traffic.
  • Scan the Internet for fraudulent websites.
  • Join forces with the many anti-phishing organizations that have recently emerged.
  • Work with other ISPs to take down phony sites as soon as possible.
  • Educate their customers about dangers and warning signs of phishing attempts.
  • Concerns about phishing can particularly dampen the demand for financially-oriented new gTLDs such as .BANK, .FINANCE, .INSURANCE, and for .Brands such as .BOFA and .FIDELITY. This wariness may have played a part in the dismal performance of the new gTLDs program.

For its part, the domain name industry should be more proactive in fighting phishing, especially schemes that involve typo domain names. For one thing, the Trademark Clearinghouse (TMCH) database can be expanded to include brand-name typos, whereby before a domain name’s registration is finalized, a warning is flashed that the desired name may be a trademark violation and that the mark holder may legally request that you surrender the domain name with no compensation. If the warning is ignored and the registration is completed, the mark owner is notified. Of course, such an automatic right for mark owners requires new legal authorization, but makes it more expensive for infringing registrants. However, the added cost of monitoring by mark owners will be negligible compared to their benefits.

By Alex Tajirian, CEO at DomainMart

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

DNS

Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign