According to a recent report from the Anti-Phishing Working Group (APWG), the number of websites seeking to defraud consumers by stealing their personal information has reached an all-time high. This is clearly bad news for people using the Internet, but from a brand management perspective, it is also a problem for private businesses.
According to the APWG, 56,859 phishing sites were detected in February 2012, a whole percentage point above the previous record. As such, the risks faced by web users–particularly those using the Internet for banking and commerce–are continuing to rise. Criminals have identified a potential opportunity to steal confidential data and access banking details, and are coming up with increasingly innovative ways of achieving their malicious aims.
“All manner of commerce is transacted online today and in that are opportunities for new and provocative scams, leveraging some part of the customer-enterprise relationship that is unique to the domain,” said Peter Cassidy, secretary general of the APWG. “People are tougher to fool with phishing, but they still can be in the hands of a creative scam artisan.”
How does phishing damage brands?
Businesses can suffer brand damage at the hands of phishing exponents through no fault of their own. One of the problems arising for companies in spite of their innocence is that they are tarnished by association. They may be victims of phishing in the same way as their customers, but brand damage still remains a distinct possibility.
When a phishing gang targets a particular company’s website–and creates a fake version of it–consumers using the corrupted domain risk having their data stolen. They may blame the company whose website has been copied, despite a lack of knowledge or involvement in the crime. This can cause reputational damage which risks manifesting itself in reduced sales and customer attrition.
Brands are also vulnerable to dilution, disparagement, counterfeiting, and lost traffic when phishers attack. If a consumer places orders with a company selling ripped-off merchandise–irrespective of whether the goods are actually delivered–this leads to a reduction in sales at the real firm. So despite being the brand owner and trademark holder, the company fails to benefit from sales of its own products. And in a tough economic climate, companies cannot afford to miss out on the revenue which finds its way into the hands of rogue traders.
Engaging customers to prevent phishing
Businesses can take a number of steps to help protect their customers, such as engaging with them proactively and warning them about the dangers of phishing. For any company with an online offering, this may be a sensible step. Publishing information about phishing risks on their website or emailing their customers warning them about the dangers can help raise awareness, and also demonstrate that the business is looking after the interests of its customers.
In most cases, businesses will not be targeted by phishing gangs, but in the event that they are, this proactive approach may make a real difference. Instructing customers how to deal with suspicious emails and websites may spare them from becoming a victim, something the consumer is likely to appreciate and remember in future. Companies could even ask customers to report any suspicious online activity, so that others can be warned of potential scams before becoming a target.
Combating phishing scams
The key to defending against phishing scams is to be aware of the risks and flag up any criminal activity. Unless businesses have specific expertise in this area, this can represent a difficult task. As such, companies should consider the benefits of outsourcing their phishing protection services to a specialist service provider with expertise in this field.
CSC offers phishing protection services that provide constant global monitoring for new phishing attacks across multiple channels, advanced technology to identify and process relevant attacks, instant blocking to protect customers from accessing fraudulent websites and fast global takedown of attacks—typically within 24 hours.
To learn more about these services speak and to speak with a phishing expert, visit CSC online.