<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Free Quickscan →
Cybersprint Digital Risk Protection Platform

The Cybersprint Platform

We’ve developed a unique Digital Risk Protection SaaS-platform that works 24/7 as an automated ethical hacker, continuously in search of online vulnerabilities. Read more

Cybersprint provides realtime insights

Make the world more cyber-secure

Cybersprint protects organisations by providing real-time insights into their online footprint. Read more


Help, where's my revenue?

by Cybersprint Blog 14 Oct 2019

It looks like your website. It feels like your website. It even works like your website. There’s just one problem: it’s not your website. It’s a fake, set up by cyber crooks to defraud your loyal customers by taking their money and delivering fake goods, or perhaps nothing at all. Not only does this kind of fakery have a damaging impact on your brand’s reputation, it also costs millions of dollars per year. And perhaps the most worrying thing of all is that setting up this kind of criminal enterprise is surprisingly easy to do. So what kind of solutions are there?

Fake websites: easy does it

A few years ago, setting up a realistic fake online shop required a lot of coding knowledge. Today, it’s just as easy to buy a pre-built website kit on the dark web, or to use legitimate website building tools such as Shopify to set up a fake web shop in minutes. And if it’s discovered? The creator can take it down and create a new one just as easily.

Hard to spot

But identifying such a fake site is not always simple. For example, the 2019 Webroot Threat Report¹ found that 40% of malicious URLs were found on good domains. This means that legitimate websites are being compromised to host malicious content. Not only that, the ability of the scammers to closely mirror the look and feel of genuine websites is improving all the time. They are also becoming increasingly adept at using legitimate communication methods such as Facebook ads or email phishing campaigns to entice people to visit their fake stores.

Real products, illegal payments

A store front that takes money without delivering goods is one thing. But there are many more sophisticated versions of the fake ecommerce scam out there. One increasingly popular technique is called triangulation, and it works like this:

  1. You, as a consumer, buy a product from a web shop that you think is real, but is actually fake. 
  2. The scammers behind the fake web shop receive your order and use other person's stolen credit card credentials to purchase your requested product from another, real web shop, and have the product shipped to your address. From your point of view, everything works out fine. 
  3. However, the payment handler of the real web shop is eventually notified of the fraudulent transaction when the credit card e.g. is reported as stolen. They are then left with no revenue for the product that has shipped. 
  4. Now, the scammers still have the money they received from you, but the real web shop is left with no revenue for the product that was shipped. 

So, what can online retailers do to fight back? 

NTDS: Killing fake sites quickly

Trying to put fake sites out of business by going through the usual legal channels takes too long and costs too much. Fortunately, there is a better option. Automatically scanning the internet for channels, advertisements and subdomains linked to an organisation’s brand is the first and most important step to tackle the issue. It provides an accurate, bigger picture of all assets that carry (a connection to) your brand. You can see which ones are actually yours, and which ones are not. These solutions are part of Digital Risk Protection.

Good Digital Risk Protection solutions offer ecommerce businesses the ability to constantly discover and assess assets for their brand, and file takedown requests for the fake versions of their websites when required. Known as notice and takedown services (NTDS), these solutions identify the fake website and then contact the relevant online service providers to ensure they remove the supporting pillars that are keeping the site online. These service providers can include:

  • Web hosting provider
  • Email hosting provider
  • DNS hosting provider
  • Domain registrar
  • Social media platform operator

Importantly, providing the right evidence for removing the supporting elements is enough to shut down the fake web shop. But vigilance has to be constant, requiring continuous risk monitoring. New counterfeit sites spring up on a daily basis, especially when it comes to the bigger, more valuable brands.

Do you want to know who is threatening your organisation? Cybersprint can help you protect your resources and reputation. We offer online retailers a free Quickscan of their digital footprint, which easily identifies fake websites that are costing you money, right now.

Get your free Quickscan

1 2019 Webroot Threat Report

Mitre PRE-ATT&CK: What is it and how to use it

One of the best ways to improve your digital security is to let the past help prepare you for the future. Knowing the tactics threat actors have used in other cyber-attacks will help you determine what you should protect your systems from. Luckily, you needn’t figure that out by yourself. Mitre has created frameworks of the many different ways cyber-attacks have been orchestrated in existing use cases. Here’s how you can use this information to strengthen your cyber-resilience. What is the Mitre PRE-ATTACK framework? Mitre is an American organisation conducting federal-funded research into various markets with the aim to create a safer world through their research. Cybersecurity is one of those markets. To help organisations understand where their might need to focus more security resources on, they created two matrices of all techniques cyber-criminals have used to set up and execute attacks in the past. These are called the ATT&CK and the PRE-ATT&CK frameworks. Even though the ATT&CK framework is most well-known, we see a shift occurring, as PRE-ATT&CK is starting to step out of the shadow of ATT&CK with a more specific focus. Whereas the ATT&CK framework concentrates on the steps taken once an attack is launched, the PRE-ATT&CK framework focusses on the preceding preparation phases, allowing organisations to predict and prepare for attacks before they happen. Mitre’s frameworks match with other models, helping to frame the extensive matrices. To illustrate how PRE-ATT&CK differs from ATT&CK, we’ve plotted the frameworks in the ‘7 stages of the cyber kill chain’, as created by Lockheed Martin. All steps needed to execute a cyber-attack can be divided over these seven stages. As shown below, the first two stages are broadly covered by Mitre’s PRE-ATT&CK, and the other five by the ATT&CK framework. How to apply PRE-ATT&CK Preventing an attack is far more cost-effective than having to repair damages to IT systems, let alone the financial or reputational impact it can have. It is hard and expensive to determine the impact of an attack with IT forensics and replacing infected systems can have a negative effect on overall business productivity. Incorporating an automated outside-in perspective of your brand’s online exposure allows you to discover vulnerabilities in the same way an attacker might look for entry points into your IT infrastructure. This approach empowers you to regain control over your digital attack surface and mitigate risks before they can be exploited. This approach is called digital footprint management and can be placed under the concept of Digital Risk Protection. Below is an overview of Mitre’s PRE-ATT&CK framework. The complete matrix is a little too large to be read in detail, so a deep dive into the content is available via this video. The highlighted fields represent the areas covered by Digital Risk Protection and digital footprint monitoring. The light green indicates partial coverage and deep green full coverage. Combining the PRE-ATT&CK framework with your existing security procedures can help you identify potential threats and weak spots in your systems. Still, you first need to have a complete overview of your organisation’s digital assets before you can confidently say where you are more likely to be hit. That’s why the digital footprint approach works so well with PRE-ATT&CK. Having both will help you determine and validate where you might have underspent or overspent on security measures, for example. Besides improving the cyber-resilience of your systems, incorporating the Mitre PRE-ATT&CK framework in the organisation’s digital footprint will bring more business value to the organisation as a whole. This whitepaper explains the PRE-ATT&CK framework in more detail, and describes the specific ROI for your organisation. Looking for a comprehensive clarification of the security tactics described above, explained with actual use cases? Watch our recorded webinar. Sebastiaan Bosman is Content Marketeer at Cybersprint. With a   background in Communications and Linguistics, he is responsible for   the creation and editing processes of most internal and external   communication. He writes content such as blogs, whitepapers and   case studies, primarily based on Cybersprint’s own research data.   Previously, Sebastiaan worked as Content & Communications   Advisor at ING Global.

read more

From practice to preventing: How criminals adapt their attack methods

Similar to traditional ‘brick-and-mortar criminals’, not all cyber-criminals employ the same method to reach their goal. A burglar wouldn’t enter a house with an alarm or when there are people inside, but go for an easier opportunity. The same goes for internet-thieves. Their risk/reward balance depends on the required investment beforehand to successfully carry out their attack. What are the aspects they take into consideration?

read more

Use case: footprint mapping at ifm electronics

Interview with Kevin Kampeter, IT Security Specialist at ifm electronic gmbh.

read more

Do you have a question?

Our experts have the answers

Contact us