Brand phishing attacks are on the rise. Over the last couple of years, we’re seeing more cybercriminals phishing brand names and imitating major companies, in a bid to trick users into sharing their personal information.
According to Check Point Research, technology is the industry most likely to be targeted by brand phishing, followed by shipping and retail (which was briefly overtaken by the banking sector in Q1 2021).
For Australia’s leading tech retailer, Harvey Norman, brand damage due to phishing was all too real. In 2021, scammers sent out a mass email pretending to be Harvey Norman, telling consumers they’d won a competition. Recipients were asked to confirm their ID and provide a delivery address to claim their prize (which, of course, didn’t exist).
Online watchdog Scamwatch said about this tactic: “Phishing messages are designed to look genuine, and often copy the format used by the organisation the scammer is pretending to represent, including their branding and logo. They will take you to a fake website that looks like the real deal, but has a slightly different address.”
They also said that Australians lost almost $43 million to scams in just two and a half months in 2021. So how can you protect your brand and its customers from a similar fate?
What is phishing & how can it cause brand damage?
In a phishing attack, cybercriminals attempt to impersonate the official website of an organisation. They do this by using a similar URL, to trick users into believing they’re interacting with the organisation and giving up their personal information or payment details.
Large organisations with high volumes of customer data are most at risk, with Microsoft, DHL and Amazon currently being the three most imitated brands.
A phishing attack can have a major impact on a brand’s reputation and is likely to hurt your bottom line. An attack that affects 500 customers could end up costing you more than $1.4 million in direct loss of funds to the cybercriminal, and costs to investigate and manage the crisis.
The importance of brand reputation for business
Trust is essential for a business to flourish, and when an attacker successfully phishes your brand name, trust can be lost. In fact, your customers are 42% less likely to do business with you in future, with widespread perception being that the attack was your fault.
Businesses that have been exposed to online brand abuse are likely to find that their sales and profit take a hit. As the old adage goes: “a reputation takes 20 years to build and 5 years to ruin”, and “reputation” is consistently ranked among corporate leaders as their most valuable asset.
Your reputation largely influences whether consumers choose to work with you or your competitor, so it’s essential to protect your brand proactively, to avoid any long-lasting brand damage.
How to protect your brand and maintain the trust
It all sounds pretty scary, but there are some approaches you can take to prevent scammers from phishing your brand name.
Try the following:
- Educate your employees on phishing scams and what they look like
- Monitor the internet for websites that use your branding
- Monitor domain name registrations for lookalike domains
- When it comes to email, you can use the Domain-based Message Authentication Reporting and Conformance (DMARC) to authenticate emails and prevent 99% of phishing emails from ever being sent out
- Ramp up your website’s security to prevent unauthorised access
Contact FraudWatch to protect your brand against potential brand damage caused by phishing, or to manage any current phishing attacks.