How To Stop Phishing Scams Ruining Brand Reputation

When it comes to creating and maintaining a strong brand, nothing is more important than trust. A lack of trust will erode the impact of even the most creative and eye-catching marketing a company devises.

The digital age has added a new dimension to how brands communicate with their customers, and the opportunities for brand-damaging events have multiplied. Thanks to social media, broken promises and bad practice can spread around the world in a matter of hours, with many people delighting in the chance to catch a brand out in a lie. As long as a brand lives up to its commitments, whether that is swift delivery, high quality or strong customer service, it has little to worry about.

Increasingly, however, brands are also having to deal with a much more sinister reputational impact from the digital world, and one that has nothing to do with their actual performance.

Cybercriminals are increasingly using familiar brands to trick their victims, exploiting the trust those brands engender to steal credit card details, passwords and other valuable personal data.

Gone Phishin’

While the public has long since become inured to emails claiming to come from a foreign prince who owes them money, the more recent wave of email scams impersonates well-known brands such as retailers, banks, or even public sector bodies to gain the target’s trust.

A popular tactic is to tell the target they have received a prize of some sort, or that there is urgent action needed with their account. Some emails are crudely done and obviously suspicious, while others are near-perfect copies of genuine emails the average consumer expects to receive. Whatever the framing, in most cases the emails prompt the recipient to click on a link to what appears to be a familiar website associated with the brand owner, before redirecting them to a third-party site controlled by the cybercriminal. This site then intercepts and captures confidential data like payment card details or passwords, which can be sold on the black market and subsequently used to defraud the consumer of their hard-earned cash.

While there are plenty of other cyber risks around for brands to worry about, such as websites or ads infected with malware, emails are easily the number one attack vector used by cyber criminals, initiating 95% of all security breaches (Source: SANS). Just like the real brands, cybercriminals take advantage of emails to reach thousands or even millions of recipients at once. With so many potential victims, they can be sure that at least some will take the bait and click the link.

With so many dangerous fake emails in their inboxes, customers lose trust in online communications, which in turn has had a knock-on effect on click-through rates for legitimate marketing communications. Studies show that 42% of consumers are less likely to do business with a company following receipt of a suspicious message purporting to be from that brand (Source: Cloudmark).

Locking Out The Fakes To Protect The Brand

As damaging as the phishing epidemic can be, the good news is that there is a way to tackle the problem. A recent report conducted by Forrester Consulting, entitled the Total Economic Impact (TEI) report of protecting your brand, found that brand owners who take proactive steps to stem the flow of illegitimate emails from spoof accounts can make significant progress in regaining trust. The enhanced trust gained from preventing fraudulent emails increased the response rate to email campaigns by as much as 10%. One company reported that such an approach had enabled them to generate more than $4.9m of incremental profit over three years, not only through increased email marketing engagement, but also by drastically reducing the number of support calls received by customer service teams from disgruntled customers reporting fake emails.

The first step for a brand looking to lock out the fakes and regain customer trust is to take stock of all legitimate email being sent by the company. This can be easier said than done, as these emails generally stem from multiple accounts within the business, as well as from third-party email-sending platforms such as Marketo and Salesforce.

Once this information is in order, however, legitimate email domains can be protected by machine learning solutions. Leveraging the DMARC email authentication standard adopted by leading ISPs globally, brands can then ensure illegitimate emails are blocked at consumer mailboxes. With the spoofs and fakes prevented from reaching their targets, customers will know that any email that appears to be from a brand is the real thing.

The result of gaining full visibility and control over which emails are sent with the brand’s identity can be powerful. For example, a large, well-known financial services firm I am familiar with estimated that it used 200 approved domains on 3,900 approved servers to send 1.2 billion legitimate emails per month. However, once it implemented its anti-phishing system, it discovered an additional 1.3m servers that were spoofing its domains, resulting in millions of malicious emails targeting its customers every month.
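An added example, not from the original article, of how the sender inventory and DMARC fit together: it sorts the sending sources in a DMARC aggregate report (RFC 7489 layout) into approved and unknown senders and checks whether enforcement would hit legitimate mail. The approved networks, the `example.com` report and all function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sender inventory (assumption): networks the brand has approved.
APPROVED = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.25/32")]

def _row(ip, count, dkim, spf):
    # Builds one <record> in the RFC 7489 aggregate-report layout.
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row>"
            "<identifiers><header_from>example.com</header_from></identifiers></record>")

# Constructed sample report for example.com; not real data.
SAMPLE_REPORT = ("<feedback><policy_published><domain>example.com</domain>"
                 "<p>none</p></policy_published>"
                 + _row("192.0.2.10", 1200, "pass", "pass")     # in-house mail server
                 + _row("198.51.100.25", 300, "fail", "fail")   # approved platform, misconfigured
                 + _row("203.0.113.77", 5000, "fail", "fail")   # not in inventory, unauthenticated
                 + _row("203.0.113.9", 40, "pass", "fail")      # not in inventory, yet signed
                 + "</feedback>")

def classify(report_xml):
    """Return ({bucket: message_count}, {bucket: sorted source IPs})."""
    # Reports arrive from outside parties; a hardened parser such as
    # defusedxml is the safer choice when handling real ones.
    root = ET.fromstring(report_xml)
    counts, sources = defaultdict(int), defaultdict(set)
    for row in root.iter("row"):
        ip = row.findtext("source_ip")
        evaluated = row.find("policy_evaluated")
        # DMARC passes when either aligned DKIM or aligned SPF passes.
        passed = "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf"))
        known = any(ipaddress.ip_address(ip) in net for net in APPROVED)
        bucket = ("approved" if known else "unknown") + ("_pass" if passed else "_fail")
        counts[bucket] += int(row.findtext("count"))
        sources[bucket].add(ip)
    return dict(counts), {b: sorted(s) for b, s in sources.items()}

def ready_to_enforce(counts):
    # Assumption for this example: enforce only once no approved sender fails DMARC.
    return counts.get("approved_fail", 0) == 0

if __name__ == "__main__":
    counts, sources = classify(SAMPLE_REPORT)
    for bucket in sorted(counts):
        print(f"{bucket:14} {counts[bucket]:>6} msgs from {sources[bucket]}")
    print("ready to enforce:", ready_to_enforce(counts))
```

In this output, `approved_fail` marks a legitimate sender whose SPF or DKIM needs fixing before the policy is tightened, `unknown_pass` points to a sender missing from the inventory, and `unknown_fail` is the spoofed traffic an enforcing policy would block.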

With phishing attacks only set to rise, regaining control of their email channel should be an essential action for any brand that values the trust of their customers. By ensuring their brand is only used for genuine messages, they will not only be able to reap the benefits of improved customer response rates, but they’ll also be doing their part against the scourge of cybercrime.