BRANDLOCK FAQS

WHAT IS IT? HOW BIG OF AN IMPACT DOES IT HAVE? HOW TO STOP IT.


WHAT IS CONVERSION THEFT / ONLINE JOURNEY HIJACKING / BROWSER HIJACKING ?

Conversion Theft is due to an unwanted software that modifies a web browser's settings without a user's permission and is designed to inject unwanted advertising into the user's browser, often redirecting the user or browser to alternative sites.

Conversion Theft is the result of Client-side malware (CSM). CSM is the fastest growing sector w/in cyber crime and malware deployments. Why not? It’s invisible, easy to infect unsuspecting consumers, and provides an ongoing revenue stream for those deploying the CSM. Also consumers lack a collective voice for which to stand up, making for easy prey that never fights back. Furthermore, why would a consumer fight back as many of these client-side malware deploy in the form of product recommendations, coupons, and deals, which users click on to obtain better pricing. Show me a consumer who isn’t temped by better pricing and you’ll quickly understand why this works so well.

CSM includes unauthorized widgets (competitive products being displayed), ads, and spyware scripts that are injected into websites via extensions that consumers have unknowingly installed via freeware, public Wi-Fi networks, and/or apps installed which often have a trojan horse packed inside. Many of these CSMs are often unknowingly installed, yet legally done so, as consumers rarely read the EULA before checking the ‘yes’ box and downloading.

Client-side malware bypasses traditional server side security measures as the infection is outside of your reach, beyond your control, and resides 100% on the customer's side. The main intention of CSM is to hijack the consumers browser, without making things obvious, while redirecting that user to alternative sites, compromising data, and stealing your revenue.

Browser hijacking is the result of Client-side malware (CSM). CSM is the fastest growing sector w/in cyber crime and malware deployments. Why not? It’s invisible, easy to infect unsuspecting consumers, and provides an ongoing revenue stream for those deploying the CSM. Also consumers lack a collective voice for which to stand up, making for easy prey that never fights back. Furthermore, why would a consumer fight back as many of these client-side malware deploy in the form of product recommendations, coupons, and deals, which users click on to obtain better pricing. Show me a consumer who isn’t temped by better pricing and you’ll quickly understand why this works so well.

CSM includes unauthorized widgets (competitive products being displayed), ads, and spyware scripts that are injected into websites via extensions that consumers have unknowingly installed via freeware, public Wi-Fi networks, and/or apps installed which often have a trojan horse packed inside. Many of these CSMs are often unknowingly installed, yet legally done so, as consumers rarely read the EULA before checking the ‘yes’ box and downloading.

Client-side malware bypasses traditional server side security measures as the infection is outside of your reach, beyond your control, and resides 100% on the customer's side. The main intention of CSM is to hijack the consumers browser, without making things obvious, while redirecting that user to alternative sites, compromising data, and stealing your revenue.

HOW BIG IS THE PROBLEM, REALLY?

BIG. (but we get it, it’s a problem you can’t really see. That would explain why so many incorrectly assume its small and/or not happening to them.).

Think about it—millions and millions of connected smart devices that can be infected with virtually invisible code. Imagine a smart refrigerator that pings your eCommerce site, where you’re paying out affiliate fees for that traffic. The IP address is real. The ping is real. But there’s no real buyer shopping your site. Same thing happens when the CSM launches a web browser on the infected computer and pings your site at 3am, and again you pay out affiliate commissions.

On average, we’ve found that 20-30% of our client’s traffic has some form of infection w/in the browser.

The problem is growing daily as CSM has spread beyond cyber criminals, where large sophisticated retailers and corporations have figured out they can offer consumers browser based widgets (product recommendations, best deal finders, coupons, etc.) which advertise their products to your customer, while they’re shopping on your site. Not illegal (as the consumer most definitely accepted the EULA), but certainly not ethical.

Stopping this from happening = 10-20% revenue lift for eCommerce sites and 10-15% ad revenue lift for publishers.

So yeah, it’s big.

While we continue to sound the alarm; the conversation can be similar to explaining that the world is round vs. flat. Thus, it’s all about perspective. And since we’re in the weeds, chasing daily changes to CSM, amassing the largest library of variants, delivering results for our clients, etc. we’d say we have the best perspective on the planet.

HOW DO CONSUMERS GET INFECTED?

Way too easy and all too often.

Consumers get infected by downloading various kinds of software, browser extensions, and apps that appear legitimate, yet often have a few trojan horse items packed inside. Just Google for a local weather app, and you’ll see some great examples.

CSM impacts all browsers, on all devices. (phone, tablet, computer, smart devices, etc.)

HOW DO INJECTIONS SHOW UP ON MY WEBSITE?

Technically, they’re not showing up on your website, but rather displaying in the consumer’s web browser and are made to appear like your website by matching fonts, colors, and images you deploy. Thus often consumers assume its you doing it.

Browser hijacking often takes the form of injected malicious scripts, sub frames, etc. into the browser, which place unauthorized ads, cheaper product offers, etc to get paid for clicks/traffic and/or to obtain sensitive information in the case of banks, healthcare, etc.

WHY CAN’T I SEE AD INJECTIONS WHEN I BROWSE MY SITE?

You may not be infected yourself, but easily 20-30% of your customers are. This is usually because corporates do a lot to protect employees, browsers, etc from spam, malware, and malicious viruses. Consumers on the other hand are left to their own devises for detection and defense. Truth be told, consumers do very little to protect themselves and most anti-virus software applications they might install aren’t set up to even begin to look for this.

WHAT IS THE IMPACT ON MY BUSINESS?

Ecommerce Sites - Recoup 10-20% in revenue which is siphoned away from under your nose.

Publishing Sites - Recoup 10-15% in ad revenue which is stolen from you.

Banking - Spyware is capturing personally identifiable information, passwords, account information, etc. with every keystroke the consumer makes. This data is then sold. Your site is then compromised.

Healthcare- Client data, healthcare records, and personal information is exposed via the browser, impacting your brand, reputation, etc. when the leak is made public.

Protecting your server infrastructure is just one piece of the puzzle. Protecting your customer and their web browser is just as important.

HOW ARE MY CUSTOMERS AFFECTED? WHY DON’T THEY NOTICE?

Infected customers will experience your site completely differently from the way you intended. Malware injects competitive product ads, disrupting your customers’ experience, diverting attention and ultimately luring them away with cheaper products, deals, etc. In addition, the ads are annoying. Consider the time it takes to close 4-5 ads on a page. You’re annoyed by that and you leave the site. Additionally, spyware can compromise your customers’ private and sensitive data via click logging tools which capture and transmit ever keystroke your customer makes.

WHAT IS BRANDLOCKS SOLUTION?

Brandlock is like a bouncer at the front of your club, sans the velvet rope and neanderthal looking tough guy. In short, we’re “ smart security”; we compare in real time those authorized scripts running on your site vs. those that might be simulaniously running on your customer’s browser, blocking them in real-time. Installation is as easy as dropping 1 line of code on your site via a tag manager. This code monitors malicious scripts and ties into our algorithm and ever growing database of Client Side Malware.

Brandlock requires zero resources from our clients to run. Simply place a line of JS on your site and you’re up and running. Additionally, there’s zero steps your customers have to take as well. This solution does not require them to download or install anything; they simply benefit from your protecting them.

HOW DO I DEPLOY BRANDLOCK?

Step 1 - Register - Click Here (Takes 3 seconds)

Step 2 - Deploy Javascript. (either via a tag mgmt solution or directly place on your site)

HOW CAN I TEST THE RESULTS?

Easy. Every pilot we do includes an A/B test. We’re all about proof.

Week 1 - Listening Mode- we just listen and sniff out infection rates, types of malware, etc.

Week 2 - 4 - Protection Mode - We’ll be knee deep in A/B testing here, dividing traffic into two groups - Protection Group and Control Group.

Week 4 — We’ll review the results: (Comparing the 2 groups)

--Revenue Lift

--Conversion Rate Lift

--Average Order Value

--Per Session Value

--Overall Revenue Lift

Besides, we get it—this stuff is new and you want to see it the revenue lift to believe it. So let’s test it together!

WHAT SHOULD I EXPECT IN TERMS OF RESULTS, WHEN RUNNING BRANDLOCK?

All depends on how you implement. (will explain when we talk, so as to avoid giving away trade secrets)

On average our clients obtain the following results:

1. Ecommerce Sites- 10-20% revenue lift in first 30 days. Plus - Eliminate affiliate fraud.

2. Publishing Sites - 10-15% ad revenue lift in first 30 days by stoping ad theft w/in the browser.

3. Banking & Healthcare- Stop data leaks via the browser, eliminate unwanted ads, etc.

HOW IS BRANDLOCK DIFFERENT FROM TRADITIONAL CYBER SECURITY SOLUTIONS?

Traditional cyber security companies are focused on protecting your servers, databases, and infrastructure from direct attacks. No doubt this is critical, but it only solves one aspect of the problem as they’re no protection your customers. The unprotected customer is the new wild west.Customers are naive, vulnerable, and clueless when it comes to realizing they’re infected, let alone how to do something about it.

Relying on your customer to ’self protect’ their browser means you’re giving up 10-15% in revenue, when you could easily protect them and prevent traffic theft.

WE RUN A SESSION RECORDING TOOL, HOW COME WE DON’T SEE THE AD INJECTIONS?

All depends on the tool and how it’s gathering data:

- Client Side (via tags)- Can work, but we’ve found many of these tracking script solutions can be detected and blocked via ad blockers and/or the malware itself. Given many newer forms of malware scripts go much deeper than JS injections, deploying via subframes, and/or operate when the user isn’t even at the computer/phone you’re likely only going to capture a small percentage.

-Server-side (never sees what we see)- only displays what your servers serve up, not what the customer sees via their browser. Completely ineffective.

- Hybrid approach of Client Side Tags & Server side. - Combo approach which shares the same faults of client side and server site approaches.