Why data security is critical to the future of CX
No technology can overcome the fact that the customer experience is a human endeavor. Learn why data security is critical to the future of CX.
Just a few years ago, it was easy to spot phishing. If an email or text seemed to be coming from a real brand, but contained misspellings, bad grammar, or blurry logos, you could bet someone was trying to trick you into clicking on a link as part of a campaign to steal your data, money, or identity.
Today, though, spotting illegitimate communications isn’t so easy. Most cybercriminals are much better at disguising their identities thanks to powerful, low-cost hacking tools or phishing-as-a-service kits on the dark web. These tools, many of which use artificial intelligence, can make communications from even the most illiterate scammer look professional.
What’s more, with rapid advances in Open AI’s ChatGPT, a free AI chatbot program built with natural language processing (NLP) capabilities, hackers now have a faster, better, and cheaper way of creating communications that mimic a brand’s personality or tone.
With all of these innovations, it’s no wonder that hackers launched 255 million phishing attacks in 2022, up 61% from the previous year.
Observers say that if this trend persists – which is likely – it could lead to consumers ignoring most legitimate marketing communications.No technology can overcome the fact that the customer experience is a human endeavor. Learn why data security is critical to the future of CX.
All brands are at risk of being spoofed, but fraudsters often target big technology companies, shippers and social media networks.
Phishing is a huge risk to brands, their marketing, and their reputation.
“All of this phishing activity can undermine brand value because when those emails come out, and consumers don’t know if they are valid or not, we sometimes mis-associate our negative experiences with the company being impersonated,” says Frank Dickson, a cybersecurity industry analyst with IDC.
“But the truth is that even large companies like Microsoft or Google can only do so much to thwart phishing in a meaningful way.”
So, if phishing is so hard to beat, what can you do to minimize its effect on your good brand name? Here are a few suggestions from industry experts:Customer data management best practices allow businesses to fortify their commitment to positive relationships. The potential for growth, in commerce and trust, is massive.
There are three that companies tend to use in tandem with one another:
Before these standards, hackers could essentially send emails with the exact same domains as the brands themselves, says Roger Grimes, a defense evangelist for KnowBe4, a security awareness training platform. By using these protocols to authenticate emails before they can be delivered, many large companies have stopped that.
“The standards have been so successful that phishers have almost abandoned using real, legitimate brand domains,” says Grimes.
No matter how high you build your walls, someone with enough skill, determination, and resources can get in. Find out what measures you need to take now to protect your data.
With email security protocols doing such a great job of severing one line of attacks, hackers shifted to creating their own domains. You’ve probably seen them. They often closely resemble the real thing, but deviate ever-so slightly, slipping a number, letter or symbol into unobvious places.
Most hackers don’t bother with doing this manually because there are numerous tools that let them create dozens or even hundreds of fake derivations. And it’s almost impossible to find all those after they’ve been generated, says Grimes.
One technological workaround is to deploy an automated tool for identifying look-alike domains associated with your corporate domain, says IDC’s Dickson. These will basically search both the publicly facing web as well as dark web and deep web sites to see who might be spoofing your brand.
An additional consideration for becoming the master of your domain is to subscribe to a reputation service. These also typically involve a search tool for seeing who, if anyone, is posing as you.
But they can also have hundreds of people doing the research as well as support services, like working with law enforcement to take down illegal domains, says Tony Sabaj, a Check Point spokesperson.
Online reputation management means monitoring and engaging in online activities to understand and improve the public impression of a company. In other words, public relations for the internet.
Brands also need to protect their social media channels from attack. If compromised, these channels can then become tools for launching phishing attacks, says Grimes.
“It’s really common for a hacker to break into a company, search through accounts payable and accounts receivable inboxes then send fake invoices and banking information changes to people,” he says, referring to business email compromise.
“They might say something like ‘hey, we just want to let you know we’re changing to a new bank and you should send your payments to this new bank routing and account number’.”
Shopping on social media platforms is expected to increase three times as fast as traditional e-commerce, but brands need to build customer trust to boost adoption.
Let them know about current phishing trends, like hackers sending unsolicited emails saying they’ve won something or that a shipment of something they never ordered has been delayed, or that their account has been taken over and requires technical support.
Also, regularly update customers on how you’re proactively working to combat phishing. Finally, take every opportunity to remind customers they need to play a part in protecting themselves.
Offer common-sense tips such as:
In the race to compliance, customer trust is the finish line. A data breach can mean massive losses, so CMOs are focusing on protecting customer data.
In the end, companies should face the fact that fighting phishers is a back-and-forth battle. For every countermeasure brands throw up, cybercriminals will find another attack vector – which is why remaining alert to changing threats and focusing on people, processes, and technology is so critical.
“It’s a cat-and-mouse game for sure,” says Check Point’s Sabaj. “But there are a lot of things organizations can do to prevent phishing, and they need to in order to protect their brand value.”