By Victor Garcia, together with Matthias Gundel, Group IP Counsel, Belron International Limited
Background
Belron® is the world’s leading vehicle glass repair and replacement group, with more than 30,000 employees in over 30 countries worldwide. In 2018, Belron and its affiliates served 17.8 million consumers with a turnover of more than 3.8 billion Euros. The business operates through three main brands:
– CARGLASS®, amongst others in continental Europe
– SAFELITE®, in the United States of America;
– AUTOGLASS®, in the UK and Ireland.
Spear Phishing Attack on management level
Earlier in 2019 the domain belrongroup.com was registered by a 3rd party. That same day, a well-designed fraudulent email (impersonating the CEO and adapting his writing style) was sent to the GM of an operating country, seeking a transfer of funds.
Approach
Fortunately, the targeted GM quickly realized that the email was a scam and directly informed IT/security and legal. They immediately initiated a takedown at registrar level to disable belrongroup.com and prevent further fraudulent emails.
To eliminate any further risk from the domain, Belron also addressed the source of the attack by filing a “UDRP” complaint in cooperation with HSS IPM LLC (“HSS IPM”). Around two months from the date of filing, the panelist decided in favor of Belron, observing in the judgement:
“Lastly, the Panel notes that the fact that the disputed domain name does not lead to an active website cannot prevent a finding of bad faith, particularly when the disputed domain name has been used to illegitimately impersonate the Complainant in order to perpetrate fraud through e-mails.”
The judgement shows that a takedown action may strengthen the chances of success in an associated UDRP complaint.
Results
As a result of the combined takedown plus UDRP and perfect cooperation between legal, IT/security and HSS IPM, Belron demonstrated its zero-tolerance approach towards attempted fraud against its business and employees. These decisive actions achieved both short-term risk mitigation and ultimately complete risk elimination.
Key takeaways
In order to effectively strike back against a phishing attack, a company should consider its resources and set up with:
- Pre-defined channels to enable rapid and efficient internal communication;
- Highly responsive support from a reliable external provider; and
- Zero tolerance against cybercriminals to avoid snowball effect.
For assistance in developing policies and procedures and responding to phishing attacks, please contact Claire Kowarsky or Victor Garcia, Directors of HSS IPM.