Online counterfeiting – part 2

This post follows on from part one which is here



Your company has realized that actually online counterfeiting is an issue, so what next  ? Well the next step could be go and grab some data and see how large or small the problem actually is.

Getting the data

Let’s take a scenario ..your company sells a product that is being counterfeited and sold online a global eCommerce site. You want to get a list of the sellers of the counterfeited goods to give to your legal team

Right so there are a couple of ways to do this

  • Get a human to sit down once a week, log on to the ecommerce site , search the site for your brands and copy and paste the results into say an excel file
  • Use an automated system to regularly do the above

The first option is going to work if you have the human resources or there are only a few sellers and adverts. However I would argue the second option works better if you have many sellers with many adverts, you do not need extra resources but it also has some extra benefits.

The automated system

First you need what is known as a web scraper. These come in many shapes and sizes from DIY programming  to ‘data as a service’ which is outsourced web scraping from which data is delivered to you. There are a number potential issues to be aware of running a web scraper in-house which we will go into in a later article.Whatever type of web scraper  you take it should be easy to automatically schedule daily or weekly to search for the latest adverts.

Before we move to the next part there are a couple of things to highlight. The web scraper compared to a human has the ability to scale across many sites and eCommerce platforms and collect the data in an organised format. 

Next you need is somewhere to store these results. It could be an excel sheet that you send somewhere in your company each week but I would suggest something a little smarter .. data analysis

Data Analysis

Essentially all this means is put your data into a database and run analytics across the data. This has many advantages , some of which are listed below

  • You keep all the historical stuff. You can get a timeline of when a particular seller is putting adverts online. Are they regularly putting up adverts or are they waiting for a particular high season , or were they just a one off seller
  • You can see hotspots of adverts. Is a particular time of the year more important than another
  • Who are you top sellers of counterfeiters ? These may be the ones to send to Legal as high priority
  • You easily get metrics over the full amount of data in the database . How many counterfeits were taken off the market this year ?
  • Collect intelligence for identifying sellers. Are counterfeited being products sold a certain percentage lower than the official price compared to say someone selling second –hand ?

All parts of the system could be out-sourced, in-sourced or a combination of the two. It just depends on the resources you have and of course budget 

The next post will look at how to build a system and the potential costs 

Hacking then phishing – kicking a person when they’re down!

Today we’re going to highlight two issues for the price of one. Not bad for a Monday!

Firstly we have the recent admission by British Airways that criminals had hacked their website and personal details – including bank card numbers – of about 380,000 customers had been compromised. To add insult to injury, it took them 15 days to realise then warn customers so they can take action, by which time a huge amount of fraudulent transactions could have been conducted by the criminals and whoever they sold the card data to. If only they had an effective Security Operations Centre like other multi-national (really should) have!

Secondly, the fact that BA contacted their customers by email – and the possibility of this being exploited by other criminal groups – was debated by my fellow security professionals last week, so I thought I’d check my spam folder in my personal email account. Imagine my surprise when I spotted the attached message! It took a few moments but we found a few indicators of a phishing email (“return to” address was very suspicious, suspicious hyperlinks not going to BA website, minor grammatical errors in text, the promise of two freeplane tickets being unrealistic for half a million customers, etc.).

Would you have spotted it?

So there we have it, a quick and simple introduction into how one criminal group can quickly jump on the bandwagon and exploit another criminal group’s actions, praying on people easily exploited as they’re placed under pressure dealing with the first problem. Talk about kicking a person when they’re down!