Enhancing Digital Trust - Strengthen Websites
Published on October 16, 2022
Organisations fight every day to ward off phishing attacks. The focus has largely been on enhancing email security and user awareness. Cybercriminals, however, have become adept at faking organisation websites and using them for phishing campaigns. To maintain continued faith in their brands, organisations have to work on building digital trust. One important area for consideration is ensuring that the organisation's web assets are not cloned.
Why does cloning happen?
- Valid backup for administrative purposes
- Developers backing up existing sites and building new website(s) using an existing site as a template
- Competition ruining the organisation's leverage
- Criminals wanting to ruin the brand or use it for nefarious activities (phishing as a starter, and much more than this)
- Third parties trying to make a quick buck by replicating the contents and hoping search engines direct the real traffic to the cloned site
Consequences of unauthorised website cloning (leaving aside #1 and #2 in the above section)
- Intellectual property theft
- Sensitive data theft (many websites contain personal information, which criminals extract when they clone the website and for which they do not have consent)
- Criminal abuses
- Unfair competition
- Affects search engine results rankings
- Hurting the brand reputation and trust of the users (you may have to inform your users and authorities if you find the cloned websites and if you suspect personal information may be misused or extracted)
Prevention strategies
- User agent restrictions (to prevent headless agent access)
- Restrict the connection limits
- Perform cookie validation
- Use of the noindex meta tag in your website
- Use the rel=canonical tag in your HTML to signal search engines to treat the specific pages as the master copy
- Use robots.txt to tell scrapers/search engines to respect the site's decision not to allow scanning of specific folders
- Invest in anti-bot detection
- Invest proactively by buying the same domain name with different suffixes (for example, if you own xyz.com and your organisation's website is hosted on that domain, buy xyz.net, xyz.org, etc.) and redirect the traffic from those alternate-suffix domains to the organisation's main site(s)
Several methods can be adopted at the website programming/scripting end to make the whole cloning exercise more complex; however, they harm and slow the website for regular business users and make website development incrementally more complex. Please note that none of the above prevention strategies is foolproof; a determined criminal will get past all those gates.
Detection
- Add some sort of script to certain pages, or telemetry in the form of certain images, that will not normally get loaded by user or administrative staff traffic. One can simplify this by using tools like canary tokens, preferably on your own instances (the scope of these tools goes beyond websites, though)
- Consume services from providers like Google for alerts on websites being replicated or images being used elsewhere. There are also very robust services in the market that are more exhaustive rather than limited to specific triggers
- Link extensively between the various pages and other organisation domains you might have. If the websites get replicated, you will start seeing requests/redirect requests from systems you do not own
- Services like DNStwister can help identify similar-looking website names where copied content could come up or malicious links could be introduced. Comprehensive takedown service providers offer this type of service together as a package
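As an added example (not part of the original article), the canary-image and cross-linking items above can be checked against web server access logs: report any load of the canary image, and any asset request whose Referer points at a host you do not own. The canary path, the combined log format, the owned-host list and the sample log lines are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumptions (not from the article): owned hosts, canary path, combined log format.
OWNED_HOSTS = {"xyz.com", "xyz.net", "xyz.org"}   # subdomains are treated as owned
CANARY_PATH = "/static/px-7f3a.gif"               # hypothetical image no real page loads
NO_REFERER = "(no foreign referer)"

# ip ident user [time] "METHOD path proto" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample log lines (documentation IP ranges, made-up clone host).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Oct/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Oct/2022:10:00:02 +0000] "GET /static/logo.png HTTP/1.1" 200 2048 "https://www.xyz.com/index.html" "Mozilla/5.0"',
    '198.51.100.23 - - [16/Oct/2022:11:12:40 +0000] "GET /static/logo.png HTTP/1.1" 200 2048 "https://xyz-login.example/signin" "Mozilla/5.0"',
    '198.51.100.24 - - [16/Oct/2022:11:12:41 +0000] "GET /static/px-7f3a.gif HTTP/1.1" 200 43 "https://xyz-login.example/signin" "Mozilla/5.0"',
    '192.0.2.50 - - [16/Oct/2022:12:30:00 +0000] "GET /static/px-7f3a.gif?c=1 HTTP/1.1" 200 43 "-" "python-requests/2.28"',
]

def is_owned(host):
    """True for an owned domain or any subdomain of it (exact suffix match)."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in OWNED_HOSTS)

def find_clone_signals(lines):
    """Group canary hits and foreign-Referer asset loads by referring host."""
    findings = defaultdict(lambda: {"canary": 0, "assets": 0, "clients": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than guess
        try:
            path = urlsplit(m["path"]).path
            ref_host = urlsplit(m["referer"]).hostname or ""  # "" for "-" or empty
        except ValueError:
            continue  # unparsable URL in a client-controlled field
        foreign = bool(ref_host) and not is_owned(ref_host)
        if path != CANARY_PATH and not foreign:
            continue  # ordinary traffic from our own pages or direct visits
        kind = "canary" if path == CANARY_PATH else "assets"
        entry = findings[ref_host if foreign else NO_REFERER]
        entry[kind] += 1
        entry["clients"].add(m["ip"])
    return dict(findings)
```

The Referer header is set by the client and can be stripped or forged, so an empty result does not show that no clone exists; a hit is a lead to investigate, not proof.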
Containment & Remediation
If you notice any cloning of your website you can
- Block the IP address through any of the channels including firewall/block list in WAF/web server
- Take down the cloned site by contacting the internet service provider - this is far easier through a takedown service provider than going through the process yourselves
Legal Measures
- Apply for copyright for your websites and relevant original contents (in many geographies, copying or cloning of websites is illegal. It is better to register the website and contents for appropriate copyright so that legal action can be initiated as needed)
- Update the terms and conditions of the website and usage
Can you think of any other methods to handle the cloning of websites? Does your organisation take any other approach to handle this issue?