As a company whose mission is to make the Internet a safer place for brands and consumers, over the past weeks we have witnessed a concerning increase in the dangers of the Internet, with bad actors taking advantage of the current global health crisis.
The authority that brands have puts them in a privileged position to fight back and help their loyal customers who trust them to stay safe.
Now, it’s not only the time to stay safe at home, but we all need to be very cautious about our online activities as the current chaos presents a golden opportunity for the bad guys to profit from.
This blog aims to raise awareness of the growing dangers on the Internet, provides advice on how to stay safe from them and by extension keep your brands’ customers safe.
To exploit the uncertainty of the moment and the population’s fear, scammers have registered a high number of domains containing the word Corona.
Spamhaus is an organization fighting spam and scammers worldwide that reported this increase of domain registries on February the 28th via their Twitter account.
Where there’s fear the miscreants will try to profit! See the number of newly registered domains containing “corona” this year. We’re not convinced the 450 registered yesterday are all legit!!! #Coronavirus #ThreatIntelligence #zrd pic.twitter.com/RYwvXolIIO
— Spamhaus (@spamhaus) February 28, 2020
As you can see from the graphic on their tweet, the number of domain registries skyrocketed from the 21st of January and onwards, and it is likely to persist. More often than not, these domains are hosting websites containing malware or engaging in phishing and other criminal activities taking advantage of unsuspecting users.
We have also detected an increase of phishing emails to professional emails from alleged “service providers” attaching fake invoices. These files try to scam people to pay fake invoices, and in the worst case may contain malware.
The amount of scams on messaging apps and social media has also risen. These offers are often reproduced by fake social media profiles and websites impersonating brands. On the image below you can see a phishing scheme exposed by maldita.es impersonating a popular spanish supermarket:
Image credit and many thanks to maldita.es
A popular Spanish site maldita.es ran by a non-profit organization whose volunteers fight against disinformation by fact checking any news that users send them, have identified similar scams for Netflix giving free subscriptions, internet companies giving free service or the United Nations giving free food after filling in forms, for instance.
First and foremost, instruct and train your employees, since this might pose a significant risk of opening a security breach if companies’ computers or other equipment gets infected with malware. Especially since IT teams might be working from home and have no physical access to the company’s hardware.
Keep an eye on every domain that you get a link for, and report them to Google, this should flag these websites and trigger manual checks by Google employees which should get these kinds of websites removed from their index.
Make sure you navigate in secure pages (HTTPS) that display a little padlock before the URL. Any non HTTPS web page that asks any kind of information from you should be considered unsafe.
Other common telltale signs are the quality of the images the site is using, existence of grammar and/or spelling mistakes, and last but not least social media profiles, since most of the genuine brands and websites will try to maintain a healthy presence on multiple social media sites.
Companies around the world are decreasing their activities because of the COVID-19 outbreak. Factories might be producing less and some companies paused their activities or, sadly, closed their businesses and/or laid off many employees.
This reduction in activities favours counterfeiters who can provide offerings for this demand that did not decrease, but rather shifted to online channels.
In our recent market research about the impact of COVID-19 on consumer behaviour we found that:
If you wish to read the full market research, you can download it here.
Continuing to fight these products on marketplaces, social media sites and other fraudulent ecommerce sites consistently will be critical to prevent brand abuse.
Now that consumers are shopping online more, your brand is more exposed than ever.
Since we have plenty of blog posts that cover these topics in more depth, you will find these posts useful:
Having a brand protection software will help, as technology will allow you to scale your efforts and be able to tackle this problem in a more agile and cost effective way.
There have been reports of people buying first necessity products and reselling them at a much higher price on marketplaces for a quick profit, as this eBay listing called out in Twitter by SEO & content marketing consultant Stacey MacNaught:
If you buy up baby formula you don’t need in supermarkets in order to sell it on eBay at massively inflated prices, you are an asshole of the highest order and deserve all the bad reviews you get. pic.twitter.com/ttqwe1QvoS
— Stacey MacNaught (@staceycav) March 29, 2020
Even if this is technically not a crime it’s for sure ethically questionable and consumers should be aware of this when shopping for these products online.
We have also found examples where some companies have pivoted to sell these types of products that were not in their catalogue before, such as printer ink companies selling toilet paper, when it started to get low on stock, in some cases tripling the usual price for the product and going as far as advertising them on Google Ads.
Brands do have one single way to counteract these bad actors, step up their marketing efforts and do not allow these listings to outrank them on Google Search or marketplaces, either organically or with advertising.
Unfortunately, there’s not much you legally can do since anyone can sell anything at the price he or she sees fit.
However, in case you find some of these listings on Google ads you can report them as they break Google ads policies, quoting this policy page:
The following is not allowed:
Content that potentially capitalizes on or lacks reasonable sensitivity towards a natural disaster, conflict, death, public health emergency, or other tragic event.
Examples (non-exhaustive): Appearing to profit from a tragic event with no discernible benefit to users; price gouging or artificially inflating prices that prohibits/limits access to vital supplies; sale of products or services (such as personal protective equipment) which may be insufficient for the demand during a sensitive event; using keywords related to a sensitive event to attempt to gain additional traffic.”
On social media sites you can also report these kinds of listings and posts.
Most of the publishing industry relies on receiving clicks to monetize their traffic with display ads and these websites are enjoying a golden age, with more eyeballs than ever before in front of screens.
There is absolutely no problem with this, still we all know of yellow press and low quality publications that might take it a little too far to gain those clicks, not to mention individuals or organizations trying to manipulate opinions in favour of their own agendas.
Since the news is a fast moving industry and whoever reports the news first wins the game, fact checking can be foregone by publishers that might not be too strict on their procedures. Inaccurate information posted by individuals can easily scale up into bigger publications if they do not check the facts behind the information. This process is better explained in the book “Trust me, I’m lying. Confessions of a media manipulator.” by Ryan Holiday.
To better explain the scale of this problem, only in Spain, the Spanish National Police have detected 1.5 million fake social media accounts created to distribute fake news about the COVID-19 and manipulate opinion in favour of the personal agendas of their creators. As reported by the Chief Commissar at the Spanish National Police during the press conference on Sunday April 5th (audio in spanish).
In a time like this, non accurate information can be very dangerous and contribute to increasing the stress of many people which has been proven to damage mental health.
There is nothing like knowledge and hard facts to counteract misinformation.
As brands, we have a position of authority and any information endorsed by us automatically gains trustworthiness on the consumer’s eyes, this is why all brands should be extra careful with the information they share.
“The worst thing to do in a time of chaos is add to it.”
Kevin Chesters and Simin Radmanesh said this in their article “Brexit and brands” published at ogilvy. Even if this article was written for Brexit, it perfectly applies to these times.
Use only sources who are reliable and trustworthy, with strict adherence to fact checking procedures. Some examples might be:
Be sure to check any piece of information before sharing it.
Bad actors are always trying to take advantage of Internet users for their profit, but in a time of crisis such as the one we are living in, this presents a golden opportunity to increase their earnings. As more people are stuck at home nowadays, and relying on the Internet for shopping and entertainment, combined with the decrease in activities by many legit companies, creates the perfect storm for the bad guys to profit.
Where the world sees an international catastrophe these bad actors see profit, that’s why brands and individuals, especially those whose mission it is to make the Internet a safer place such as Red Points, Spamhaus or Maldita.es are more needed than ever, not to forget the Police around the globe and their cyber security divisions.
As a closing line, we could not end this blog post without acknowledging and thanking every person and organization fighting back and especially, the first line of defense, all healthcare workers.