
Gone Phishin’ – What Taking the Bait Means for Brands

You’ve heard about phishing, but what is it exactly, and how could it affect your company?

The Google definition limits it to email, but really phishing can take place just as easily on any communication channel, like social media or even SMS text messaging. Cyber attacks – albeit common – are difficult to pull off… but disguising them under the reputable umbrella of a brand makes things a whole lot easier. Companies and brands spend time, energy and dollars on building trust within their customer base, and this can easily be exploited by criminals looking to get access to their networks, personal information and data.


Brands are bait. 

Commonly, this is done by impersonating companies that pride themselves on customer engagement, security and trust, making credit card companies, banks or other financial services, public sector bodies or well-known retailers likely targets. The use of the established name – with years of built trust with their customers – increases the likelihood of the recipients clicking a link or providing sensitive information as requested. However, once they do, they’ll likely end up installing a nasty virus with malware designed to acquire that customer’s personal data, payment information or passwords, or be persuaded to part with information that will end up in the wrong hands.

With the advent of social media and the rapid increase in digital communications over the past number of years, this type of attack can grab customers at numerous touch-points – from a Direct Message on Twitter or a public link disguised as a customer service announcement, to a text sent directly to their mobile phone from a “company” about their account. And even though customers are more hesitant as they become increasingly aware of this type of attack, cyber criminals are always getting smarter and devising new ways to exploit this psychology of fear…

How Phishing Affects Your Company 

No company wants their customers’ data exploited – however, when phishers launch an attack, they typically need to hijack a legitimate brand to convince the victim to take the bait, meaning the company also becomes a casualty! The reputation of your brand will be damaged fast because of a phishing scam, and both existing and prospective customers will often avoid a company’s website for fear of accidentally landing on a dodgy page if the brand has been associated with this type of activity. Due to the trust element required to pull off this kind of scam, most of those affected will likely be existing customers – and the years of work you invested into building a loyal customer base will be irrevocably eroded. Even if the attack was not successful, the association of the brand with the illegitimate activity is enough to push customers over to competitors. It’s always best to engage in preventative measures and ensure your customer data is 100% secure, so here are some suggested ways to manage your reputation if a phishing attack compromises your company.

Prevention and Damage Control 

First, remember that prevention is always better than cure. To limit the potential damage done by phishing, be sure to always authenticate your emails. By employing the DMARC (Domain-based Message Authentication, Reporting & Conformance) email authentication standard adopted by leading ISPs globally, brands can ensure fake emails are blocked at consumer mailboxes.
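A published DMARC record only gets spoofed mail blocked when its policy is enforcing, so it is worth checking what your domain actually advertises. The following is an added example, not code from this article: it classifies a DMARC TXT record using the tag names defined in RFC 7489, and the function names, domains and records are constructed for illustration.

```python
# Added example: classify constructed DMARC TXT records (RFC 7489 tag names).
VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt: str) -> dict:
    """Split a DMARC record into a tag -> value dict, validating the basics."""
    pairs = [part.strip() for part in txt.split(";") if part.strip()]
    tags = {}
    for i, pair in enumerate(pairs):
        name, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {pair!r}")
        name, value = name.strip().lower(), value.strip()
        if i == 0 and (name != "v" or value != "DMARC1"):
            raise ValueError("record must start with v=DMARC1")
        tags.setdefault(name, value)  # first occurrence of a tag wins
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"missing or unknown p= policy: {policy!r}")
    tags["p"] = policy
    return tags


def assess(txt: str) -> str:
    """Return 'invalid', 'monitor-only', 'partial' or 'enforced'."""
    try:
        tags = parse_dmarc(txt)
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
        if not 0 <= pct <= 100:
            raise ValueError("pct out of range")
    except ValueError:
        return "invalid"
    if tags["p"] == "none":
        return "monitor-only"  # receivers only report; spoofed mail is delivered
    if pct < 100 or tags.get("sp", tags["p"]).lower() == "none":
        return "partial"  # only a sample of mail, or subdomains left unprotected
    return "enforced"


SAMPLES = {  # constructed records, one per hypothetical domain
    "brand.example": "v=DMARC1; p=reject; rua=mailto:dmarc@brand.example",
    "shop.example": "v=DMARC1; p=none; rua=mailto:dmarc@shop.example",
    "bank.example": "v=DMARC1; p=quarantine; pct=25",
    "news.example": "v=DMARC1; p=reject; sp=none",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(f"_dmarc.{domain}: {assess(record)}")
```

A result of "monitor-only" or "partial" means receiving mail servers are not being asked to quarantine or reject all mail that fails authentication for that domain.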

Take steps to inform and educate your customer base on this type of attack – and ensure they understand the ways in which they are protected when dealing with your organization. From establishing brand communication standards such as always using a first and last name when addressing a client, to reminding your customers to check that the URL they are visiting is secure if they are entering any personal data, a proactive approach to customer security will ensure your customers are knowledgeable and able to approach you directly should they be wary of a threat.  

Lastly, if your brand has been affected by this type of attack, make sure to communicate, and fast. Proactively monitor your brand and be sure you are the first to be aware of a phishing attack using your brand, no matter how rudimentary, and warn those who could be affected via your existing trusted communication channels, e.g. social media, an (authenticated!) email announcement or a press release if necessary. Hearing about a scam directly from the company first means that trust has the potential to be increased, not diminished, as clients are reminded that you are actively watching out for their security!


Author: Sandra Moffatt
