APPROACH


WE MAN THE GAP

We stand in defiance of the unwanted malicious presence within a web browser by attacking the root of the problem — preventing the adversary’s ability to hijack your customer’s web browser, redirecting the consumer, stealing your revenue, and altering your designed site experience.


Client Side Malware (CSM) is the fastest growing sector of cyber crime, designed to hijack and redirect a customer’s browser for affiliate fraud and/or traffic gains. It’s big business and with consumers being none the wiser, they’re often oblivious to the fact that they’ve been compromised, which leads to the 20-30% of client traffic we’ve seen is infected.

THE GAP ITSELF - YOUR CUSTOMER

While most retailers are taking steps to protect their server infrastructure from unwanted BOTs and malicious attacks--- who’s protecting the consumer?


No one.


It turns out consumers are the weakest link and most easily exploitable gap in the chain--quick to open emails, click on malicious links, downloading apps,plug-ins etc which are all designed with a trojan horse that subtly hijacks their web browser by presenting ads, coupons, and competitive product offers, which lead them off of a retailer's site and away from your buy button or replacing your ads with their own. Yet sadly, .005% of the market is aware of this; simply because retailers rarely see their sites via the eyes (and more importantly, the browsers) of their consumers.

HOW BIG IS IT?

E-commerce Sites and Publishers are losing 10-20% in revenue via consumers with hijacked browsers.


Banks and Healthcare companies are losing their customer’s personal, medical, and financial data.


Yes, it’s big.

THREAT INSIGHT

With hundreds of new malware variants hitting the market daily, targeting unsuspecting consumers, we are the pioneers and innovators leading the ongoing game of cat and mouse.


As former Intelligence, Cyber Defense, eCommerce, and banking leaders, we’ve spent the past 15 years defending critical networks while learning the adversary’s constantly evolving methods and tactics.









BrandLock provides real-time seamless protection to website visitors while they are on your site without them having to install anything. This gives your site a competitive edge vs. your competition who may already be stealing your traffic. One line of code, implemented in 5minutes, and you’re recouping 10-20% of lost revenue, instantly. Conversion rates will increase, bounce rates will drop, and revenue per session will increase.


SERVICES

Brandlock detects & blocks malicious scripts that have infected your customer’s web browser; Hijacking their experience with the intention of redirecting them to competitor sites.

This malware completely hijacks how a retailers' pages are rendered to the customer, with competitive product ads, banners, videos, etc, resulting in a 40% drop in conversion rate increased affiliate fraud, and 5X increase in page load time. Brandlock stops this action all via a single line of java script that can be live in minutes.

In short, your customers leave because they just found a better price or got frustrated with you and your pop up ads and slow page load times. (yes, it’s not you…it’s them….well, ok…their browser.  But go argue that with your customer—they left already.



IMMEDIATE IMPACT


STOP AFFILIATE FRAUD

Eliminate affiliate fraud, where users already on your site, are cookied and sent back to you as an affiliate feed. We’ve found that often 10-20% off Affiliate payouts are fraudulent.

RECAPTURE LOST SALES

Increase revenue 10-15% by eliminating unauthorized ads, competitive product placements and deals/coupons, which redirect customers off your site.

LOSS OF BRAND INTEGRITY

When you’re showing adult ads, cheaper competitor products, and random ads for Viagra, your customers are going to question what you’re up to.

DATA BREACH

Prevent the leaking of sensitive, proprietary, confidential information via the web browser; where some middle man is capturing every key stroke your customer is making.




MALWARE IN ACTION

HOW YOU VIEW YOUR SITE, ISN’T ALWAYS HOW YOUR CUSTOMER SEES IT.

30 DAY FREE TRIAL

Markets

ECOMMERCE

Our IR500 clients are averaging 10-20% revenue increases by recapturing sales previously siphoned away from them. One line of code. No action necessary on their part, other than dropping in one line of JS to their site.

PUBLISHING

Publishers are seeing 10-15% revenue increases by preventing ad revenue theft; where their ads were once being replaced by alternative ads within the customer's browser which resulted in $0 revenue for those views.

BANKING

Financial institutions are now fully protecting their customers from data breaches w/in the browser while ensuring brand integrity.

HEALTHCARE

Hospitals and leading healthcare companies are now able to close the gap, where consumers were often leaking sensitive, confidential, and medical information via the web browser.

WHO WE ARE

Consumers are being attacked.


Cyber criminals have found that it's getting more and more difficult to directly hack a corporations infrastructure, and they’ve moved on to a much more lucrative target - your customer - consumers. Consumers present an ongoing annuity model for cyber criminals. They can infect millions of computers, sit back, and collect affiliate paychecks, simply by redirecting your hard earned traffic.


Seeing that cyber criminals were so effective at this, large retailers have also gotten in the game with new browser ad ons designed to ‘compare pricing’. While not illegal, it's somewhat unethical as large retailers are effectively advertising cheaper products and deals to your customers while they’re shopping on your website—all via their web browser. The unethical part is they copy your font, images, colors, etc. to effectively make a ‘related products’ page that re-directs consumers off your site, look exactly like yours. Thus the consumer clicks it, thinking you’re the one offering a better deal. As a retailer, you simply see your bounce rate go up, yet miss the fact that your customer was just stolen from you.


With hundreds of new malware variants hitting the market daily, targeting unsuspecting consumers, we are the pioneers and innovators leading the ongoing game of cat and mouse.As former Intelligence, Cyber Defense, eCommerce, and banking leaders, we’ve spent the past 15 years defending critical networks while learning the adversary’s constantly evolving methods and tactics.


With millions of infected consumers unaware of what’s happening to their devices (phones, tablets, computers) we’re the last line of defense.







NEWS


BROWSER HIJACKING FAQS

WHAT IS IT? HOW BIG OF AN IMPACT DOES IT HAVE? HOW TO STOP IT.


WHAT IS BROWSER HIJACKING ?

Browser hijacking is a form of unwanted software that modifies a web browser's settings without a user's permission and is designed to inject unwanted advertising into the user's browser, often redirecting the user or browser to alternative sites.

Browser hijacking is the result of Client-side malware (CSM). CSM is the fastest growing sector w/in cyber crime and malware deployments. Why not? It’s invisible, easy to infect unsuspecting consumers, and provides an ongoing revenue stream for those deploying the CSM. Also consumers lack a collective voice for which to stand up, making for easy prey that never fights back. Furthermore, why would a consumer fight back as many of these client-side malware deploy in the form of product recommendations, coupons, and deals, which users click on to obtain better pricing. Show me a consumer who isn’t temped by better pricing and you’ll quickly understand why this works so well.

CSM includes unauthorized widgets (competitive products being displayed), ads, and spyware scripts that are injected into websites via extensions that consumers have unknowingly installed via freeware, public Wi-Fi networks, and/or apps installed which often have a trojan horse packed inside. Many of these CSMs are often unknowingly installed, yet legally done so, as consumers rarely read the EULA before checking the ‘yes’ box and downloading.

Client-side malware bypasses traditional server side security measures as the infection is outside of your reach, beyond your control, and resides 100% on the customer's side. The main intention of CSM is to hijack the consumers browser, without making things obvious, while redirecting that user to alternative sites, compromising data, and stealing your revenue.

HOW BIG IS THE PROBLEM, REALLY?

BIG. (but we get it, it’s a problem you can’t really see. That would explain why so many incorrectly assume its small and/or not happening to them.).

Think about it—millions and millions of connected smart devices that can be infected with virtually invisible code. Imagine a smart refrigerator that pings your eCommerce site, where you’re paying out affiliate fees for that traffic. The IP address is real. The ping is real. But there’s no real buyer shopping your site. Same thing happens when the CSM launches a web browser on the infected computer and pings your site at 3am, and again you pay out affiliate commissions.

On average, we’ve found that 20-30% of our client’s traffic has some form of infection w/in the browser.

The problem is growing daily as CSM has spread beyond cyber criminals, where large sophisticated retailers and corporations have figured out they can offer consumers browser based widgets (product recommendations, best deal finders, coupons, etc.) which advertise their products to your customer, while they’re shopping on your site. Not illegal (as the consumer most definitely accepted the EULA), but certainly not ethical.

Stopping this from happening = 10-20% revenue lift for eCommerce sites and 10-15% ad revenue lift for publishers.

So yeah, it’s big.

While we continue to sound the alarm; the conversation can be similar to explaining that the world is round vs. flat. Thus, it’s all about perspective. And since we’re in the weeds, chasing daily changes to CSM, amassing the largest library of variants, delivering results for our clients, etc. we’d say we have the best perspective on the planet.

HOW DO CONSUMERS GET INFECTED?

Way too easy and all too often.

Consumers get infected by downloading various kinds of software, browser extensions, and apps that appear legitimate, yet often have a few trojan horse items packed inside. Just Google for a local weather app, and you’ll see some great examples.

CSM impacts all browsers, on all devices. (phone, tablet, computer, smart devices, etc.)

HOW DO INJECTIONS SHOW UP ON MY WEBSITE?

Technically, they’re not showing up on your website, but rather displaying in the consumer’s web browser and are made to appear like your website by matching fonts, colors, and images you deploy. Thus often consumers assume its you doing it.

Browser hijacking often takes the form of injected malicious scripts, sub frames, etc. into the browser, which place unauthorized ads, cheaper product offers, etc to get paid for clicks/traffic and/or to obtain sensitive information in the case of banks, healthcare, etc.

WHY CAN’T I SEE AD INJECTIONS WHEN I BROWSE MY SITE?

You may not be infected yourself, but easily 20-30% of your customers are. This is usually because corporates do a lot to protect employees, browsers, etc from spam, malware, and malicious viruses. Consumers on the other hand are left to their own devises for detection and defense. Truth be told, consumers do very little to protect themselves and most anti-virus software applications they might install aren’t set up to even begin to look for this.

WHAT IS THE IMPACT ON MY BUSINESS?

Ecommerce Sites - Recoup 10-20% in revenue which is siphoned away from under your nose.

Publishing Sites - Recoup 10-15% in ad revenue which is stolen from you.

Banking - Spyware is capturing personally identifiable information, passwords, account information, etc. with every keystroke the consumer makes. This data is then sold. Your site is then compromised.

Healthcare- Client data, healthcare records, and personal information is exposed via the browser, impacting your brand, reputation, etc. when the leak is made public.

Protecting your server infrastructure is just one piece of the puzzle. Protecting your customer and their web browser is just as important.

HOW ARE MY CUSTOMERS AFFECTED? WHY DON’T THEY NOTICE?

Infected customers will experience your site completely differently from the way you intended. Malware injects competitive product ads, disrupting your customers’ experience, diverting attention and ultimately luring them away with cheaper products, deals, etc. In addition, the ads are annoying. Consider the time it takes to close 4-5 ads on a page. You’re annoyed by that and you leave the site. Additionally, spyware can compromise your customers’ private and sensitive data via click logging tools which capture and transmit ever keystroke your customer makes.

WHAT IS BRANDLOCKS SOLUTION?

Brandlock is like a bouncer at the front of your club, sans the velvet rope and neanderthal looking tough guy. In short, we’re “ smart security”; we compare in real time those authorized scripts running on your site vs. those that might be simulaniously running on your customer’s browser, blocking them in real-time. Installation is as easy as dropping 1 line of code on your site via a tag manager. This code monitors malicious scripts and ties into our algorithm and ever growing database of Client Side Malware.

Brandlock requires zero resources from our clients to run. Simply place a line of JS on your site and you’re up and running. Additionally, there’s zero steps your customers have to take as well. This solution does not require them to download or install anything; they simply benefit from your protecting them.

HOW DO I DEPLOY BRANDLOCK?

Step 1 - Register - https://report.brandlock.io/register (Takes 3 seconds)

Step 2 - Deploy Javascript. (either via a tag mgmt solution or directly place on your site)

HOW CAN I TEST THE RESULTS?

Easy. Every pilot we do includes an A/B test. We’re all about proof.

Week 1 - Listening Mode- we just listen and sniff out infection rates, types of malware, etc.

Week 2 - 4 - Protection Mode - We’ll be knee deep in A/B testing here, dividing traffic into two groups - Protection Group and Control Group.

Week 4 — We’ll review the results: (Comparing the 2 groups)

--Revenue Lift

--Conversion Rate Lift

--Average Order Value

--Per Session Value

--Overall Revenue Lift

Besides, we get it—this stuff is new and you want to see it the revenue lift to believe it. So let’s test it together!

WHAT SHOULD I EXPECT IN TERMS OF RESULTS, WHEN RUNNING BRANDLOCK?

All depends on how you implement. (will explain when we talk, so as to avoid giving away trade secrets)

On average our clients obtain the following results:

1. Ecommerce Sites- 10-20% revenue lift in first 30 days. Plus - Eliminate affiliate fraud.

2. Publishing Sites - 10-15% ad revenue lift in first 30 days by stoping ad theft w/in the browser.

3. Banking & Healthcare- Stop data leaks via the browser, eliminate unwanted ads, etc.

HOW IS BRANDLOCK DIFFERENT FROM TRADITIONAL CYBER SECURITY SOLUTIONS?

Traditional cyber security companies are focused on protecting your servers, databases, and infrastructure from direct attacks. No doubt this is critical, but it only solves one aspect of the problem as they’re no protection your customers. The unprotected customer is the new wild west.Customers are naive, vulnerable, and clueless when it comes to realizing they’re infected, let alone how to do something about it.

Relying on your customer to ’self protect’ their browser means you’re giving up 10-15% in revenue, when you could easily protect them and prevent traffic theft.

WE RUN A SESSION RECORDING TOOL, HOW COME WE DON’T SEE THE AD INJECTIONS?

All depends on the tool and how it’s gathering data:

- Client Side (via tags)- Can work, but we’ve found many of these tracking script solutions can be detected and blocked via ad blockers and/or the malware itself. Given many newer forms of malware scripts go much deeper than JS injections, deploying via subframes, and/or operate when the user isn’t even at the computer/phone you’re likely only going to capture a small percentage.

-Server-side (never sees what we see)- only displays what your servers serve up, not what the customer sees via their browser. Completely ineffective.

- Hybrid approach of Client Side Tags & Server side. - Combo approach which shares the same faults of client side and server site approaches.

Let’s Connect.

Address:

56 Bergen ridge Road
North Bergen, New Jersey, 07047.

Phone:

(201) 987-5625
Your message has been sent. Thank you!