Anti-Fraud Image Solutions
The Use of Distribution Tracing Within Web Content to Identify Counterfeiting Sources
Published: April 2009

PDF Version
PDF Version

Many of today’s more successful Internet-based fraud tactics require the counterfeiting of popular transactional Web sites such as financial portals, stock-trading platforms and online retail sites. For the fraud to be successful, the cyber-criminal must typically clone most, if not all, of the targeted site’s content and host the counterfeit site on a Web server under their control. With some minor modifications to the underlying HTML code and changes to the application logic, the cyber-criminal will seek to steal the personal authentication or authorization credentials of unlucky victims who fall to the counterfeit site. Armed with these credentials, the cyber-criminal will subsequently attempt to defraud the accounts of their victim.

The major subclass of this attack is often referred to as “phishing” and typically targets the customers of major financial organizations; with the cyber-criminals end-goal being the removal of monies from their victim’s bank accounts. However, over time, phishing attacks have increasingly targeted a broader range of online consumer.

One key problem facing organizations targeted by these cyber-criminals is the identification of the perpetrators. While it is sometimes a simple task to shut down or have removed a counterfeit site, it is much more difficult to uncover the identity of those responsible for its creation.

Since the counterfeit sites are predominantly clones of a legitimate site, there are a number of techniques that can be employed by an organization to essentially “embed” a key in to the duplicated content which can then later be used to trace back to the original source of the content.

This whitepaper provides an overview of the techniques available to organizations that wish to undertake such identification activities – evaluating the pro’s and con’s of the various mechanisms and providing advice on how to employ this class of investigative technology.

    Copyright 2001-2009 © Gunter Ollmann