An Australian-developed web discovery service aims to help brands find rogue and scam websites that incorrectly use brand assets, anywhere on the web.

Australian security consultancy Securus Global has entered the online brand protection space with its Australian-developed web discovery service, Securus Scorpion Managed Service.

A web discovery service built in-house by the firm’s security professionals, the tool searches the internet to generate a report that identifies sites carrying non-compliant branding and sites illegally using an organisation’s brand, such as phishing sites.

It’s been designed to save organisations money by protecting against reputational damage, compliance issues or lost revenue from unauthorised or illegally branded websites.

Organisations are then able to shut down non-compliant sites or take them in-house to bring them into line with corporate guidelines, or alert authorities to illegal phishing websites.

The scans take two to three days, and are typically conducted quarterly. From scan to scan users can see which sites have changed, which new sites have been generated, and which have yet to be taken down. It also detects whether a website has changed its IP address but not its content.

Securus Global CEO, Chris Williams says there are two kinds of websites the Securus Scorpion Managed Service is designed to detect.

“The first application is where websites are spun up by business units within the organisation, or partner marketing campaign microsites which may not be compliant with official branding and security guidelines as mandated by the organisation,” he says.

“The second is phishing websites intended to lure unsuspecting site visitors into providing personal information or financial details.”

The service can scan externally-hosted sites the client owns, social media platforms, mobile app stores, directory listings, search engines and government websites.

Illegitimate sites

Everyone’s received these emails: a message from a bank, file-sharing service or online store.

Scammers set up a fake web site which looks very similar to the company site and email unsuspecting ‘customers’ who then log onto the site, sometimes to pay for goods and services that aren’t delivered.

“Who does the customer call looking for the goods or service or a refund? The company, of course,” says Williams.

If the fake website manages to gain email log-in details, it can be the beginning of an identity theft episode as the scammer uses access to an email account to access a person’s other accounts, such as online banking.

Another common type of illegitimate sites is those that look legitimate and sell counterfeit copies of the company’s products to unsuspecting customers. “Think about knock-off designer handbags or ‘cheap’ Disney films. This can amount to a massive amount in lost revenue.”

Shadow IT

A less malicious but still damaging syndrome is that which arises when internal business units or partners bypass internal controls and set up a website outside of the company domain or not in accordance with brand guidelines.

“This is known as the ‘shadow IT’ syndrome,” Williams says. “There are two possible outcomes with this scenario: the company’s security defences are compromised allowing a breach to occur with potential loss of proprietary or protected data, or the shadow website does not comply with branding requirements, and may look amateurish, use inconsistent slogans and logos and therefore diminish the brand in some way.”

Pricing for the subscription-based service is set according to the market capitalisation of the business.