Why data security is critical to the future of CX
No technology can overcome the fact that the customer experience is a human endeavor. Learn why data security is critical to the future of CX.
Just a few years ago, it was easy to spot phishing. If an email or text seemed to be coming from a real brand, but contained misspellings, bad grammar, or blurry logos, you could bet someone was trying to trick you into clicking on a link as part of a campaign to steal your data, money, or identity.
Today, though, spotting illegitimate communications isn’t so easy. Most cybercriminals are much better at disguising their identities thanks to powerful, low-cost hacking tools or phishing-as-a-service kits on the dark web. These tools, many of which use artificial intelligence, can make communications from even the most illiterate scammer look professional.
What’s more, with rapid advances in Open AI’s ChatGPT, a free AI chatbot program built with natural language processing (NLP) capabilities, hackers now have a faster, better, and cheaper way of creating communications that mimic a brand’s personality or tone.
With all of these innovations, it’s no wonder that hackers launched 255 million phishing attacks in 2022, up 61% from the previous year.
Observers say that if this trend persists – which is likely – it could lead to consumers ignoring most legitimate marketing communications.Gone phishing: 10 most-spoofed brands
All brands are at risk of being spoofed, but fraudsters often target big technology companies, shippers and social media networks.
Here are the top 10 most imitated brands in Q4 2022, ranked by their overall appearance in brand phishing attempts, according to Check Point Software:
- Yahoo (20%)
- DHL (16%)
- Microsoft (11%)
- Google (5.8%)
- LinkedIn (5.7%)
- WeTransfer (5.3%)
- Netflix (4.4%)
- FedEx (2.5%)
- HSBC (2.3%)
- WhatsApp (2.2%)
Data privacy + security issues are keeping execs awake at night.
We’ve got the solutions HERE.
4 ways to protect your brand
Phishing is a huge risk to brands, their marketing, and their reputation.
“All of this phishing activity can undermine brand value because when those emails come out, and consumers don’t know if they are valid or not, we sometimes mis-associate our negative experiences with the company being impersonated,” says Frank Dickson, a cybersecurity industry analyst with IDC.
“But the truth is that even large companies like Microsoft or Google can only do so much to thwart phishing in a meaningful way.”
So, if phishing is so hard to beat, what can you do to minimize its effect on your good brand name? Here are a few suggestions from industry experts:- Adopt email security protocols
- Master your domains
- Defend your social media channels
- Educate your customers
With data breaches everywhere, customer data management becomes crucial
Customer data management best practices allow businesses to fortify their commitment to positive relationships. The potential for growth, in commerce and trust, is massive.
Thwart the threat with email security
While phishing is hard to defeat, organizations can at least slow its advance by implementing key security protocols at the email server level.
There are three that companies tend to use in tandem with one another:
- Domain-based Message Authentication, Reporting and Conformance (DMARC) is an e-mail validation system designed to protect your company’s e-mail domain from being used for spoofing, phishing scams, and other cybercrimes. DMARC uses e-mail authentication techniques such as Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM).
- Sender Policy Framework (SPF) is an e-mail authentication technique to prevent spammers from sending messages on behalf of your domain. This gives you the ability to specify which e-mail servers are permitted to send email on behalf of your domain.
- DomainKeys Identified Mail (DKIM) is a signature-based e-mail authentication technique involving a digital signature that allows the receiver to check that an e-mail was sent and authorized by the owner of that domain.
Before these standards, hackers could essentially send emails with the exact same domains as the brands themselves, says Roger Grimes, a defense evangelist for KnowBe4, a security awareness training platform. By using these protocols to authenticate emails before they can be delivered, many large companies have stopped that.
“The standards have been so successful that phishers have almost abandoned using real, legitimate brand domains,” says Grimes.
These aren’t the data files you’re looking for: Cybersecurity in this galaxy
Rebels hacked the Death Star. Is your org next? Protecting customer data is mission critical. Read up on cybersecurity measures that you must take now.
Master your domains to defeat dark forces
With email security protocols doing such a great job of severing one line of attacks, hackers shifted to creating their own domains. You’ve probably seen them. They often closely resemble the real thing, but deviate ever-so slightly, slipping a number, letter or symbol into unobvious places.
Most hackers don’t bother with doing this manually because there are numerous tools that let them create dozens or even hundreds of fake derivations. And it’s almost impossible to find all those after they’ve been generated, says Grimes.
One technological workaround is to deploy an automated tool for identifying look-alike domains associated with your corporate domain, says IDC’s Dickson. These will basically search both the publicly facing web as well as dark web and deep web sites to see who might be spoofing your brand.
An additional consideration for becoming the master of your domain is to subscribe to a reputation service. These also typically involve a search tool for seeing who, if anyone, is posing as you.
But they can also have hundreds of people doing the research as well as support services, like working with law enforcement to take down illegal domains, says Tony Sabaj, a Check Point spokesperson.
Public relations for the internet: Online reputation management
Online reputation management means monitoring and engaging in online activities to understand and improve the public impression of a company. In other words, public relations for the internet.
Step up social media security
Brands also need to protect their social media channels from attack. If compromised, these channels can then become tools for launching phishing attacks, says Grimes.
“It’s really common for a hacker to break into a company, search through accounts payable and accounts receivable inboxes then send fake invoices and banking information changes to people,” he says, referring to business email compromise.
“They might say something like ‘hey, we just want to let you know we’re changing to a new bank and you should send your payments to this new bank routing and account number’.”
Social commerce growth: A matter of trust
Shopping on social media platforms is expected to increase three times as fast as traditional e-commerce, but brands need to build customer trust to boost adoption.
Educate your customers (and anyone who will listen)
One of the most important things a company can do to protect its brand is to inform customers about the threat posed by phishing attacks and what they can do about it.
Let them know about current phishing trends, like hackers sending unsolicited emails saying they’ve won something or that a shipment of something they never ordered has been delayed, or that their account has been taken over and requires technical support.
Also, regularly update customers on how you’re proactively working to combat phishing. Finally, take every opportunity to remind customers they need to play a part in protecting themselves.
Offer common-sense tips such as:
- Suspect digital communication with odd domain names, fonts, misspellings, grammar or images. These “tells” aren’t as common as they once were, but they do still exist.
- Look for mismatches between supposed senders, email addresses, subject lines, and the message itself. For example, I recently received a poorly crafted email that supposedly came from Lowe’s claiming I’d won a Dewalt Heater. The sender’s email address didn’t include the hardware store’s name. The body of the message was topped with a logo from EA, the video game company. And instead of telling me how to get my heater, it said I’d asked for a password change and could click on an link to make that happen.
- Be skeptical of communications that seem to come out of nowhere or asking you to do something you’ve never done before with the supposed sender, like sharing financial or personally identifiable information (PII).
- Never click on links from anyone you do not know or trust, especially if they are asking you to choose a new password.
- Also, look out for possible deepfake videos, which are being used for phishing. Although they’re getting slicker, you can usually spot them by looking for visual distortions like unusual head or torso movements and synching issues between the face, lips, and audio, writes Stu Sjouwerman, founder and CEO, KnowBe4.
Mission critical: Why CMOs are focusing on protecting customer data
In the race to compliance, customer trust is the finish line. A data breach can mean massive losses, so CMOs are focusing on protecting customer data.
A never-ending battle
In the end, companies should face the fact that fighting phishers is a back-and-forth battle. For every countermeasure brands throw up, cybercriminals will find another attack vector – which is why remaining alert to changing threats and focusing on people, processes, and technology is so critical.
“It’s a cat-and-mouse game for sure,” says Check Point’s Sabaj. “But there are a lot of things organizations can do to prevent phishing, and they need to in order to protect their brand value.”
