Guest Comment: Marketers ignore phishing at their peril
Added: Nov 17, 2008
With phishing attacks on the rise, Simone Barratt, managing director at e-Dialog, discusses the ways in which marketers can protect both consumers and their brands in the face of this trend.
As gloomy economic headlines become ever more prominent, it would seem that fraudsters are increasingly keen to cash in on the financial crisis.
Figures produced by banking body APACS recently revealed that in the first six months of this year instances of “phishing” frauds involving banks and building societies rose by 180 per cent on the same period in 2007.
With the increasing number of mergers and acquisitions in the financial marketplace, phishers may employ the tactic of posing as the institution that recently acquired a retail bank in order to capture personal financial details.
For marketers at financial services organisations this trend has serious implications for e-mail strategy.
For any brand owner whose name and reputation are freely hijacked, phishing presents a complex dilemma, but this problem is exacerbated in the financial sector by the fact that many banks and building societies are actively encouraging customers to switch from paper to digital communications.
Adoption of these channels is highly dependent on consumer trust but, just as customer communications are becoming more sophisticated, so too are the phishing techniques that diminish that trust. Many phishers have moved beyond simple imitation and actually started to use companies’ own brand collateral against them.
One technique that has been around for a while now is so-called image-based spam: an e-mail with a single image that looks exactly like an existing company’s brand. This image is laden with randomly dispersed clear pixels so that it looks different every time spam filters see it, making it extremely difficult to detect, by technology or consumers.
Another more concerning and increasingly popular technique is the mimicry of newsletters or other e-mail messages from traditional companies. These look exactly the same as the genuine ones because they actually contain stolen content and links from the original e-mail. The only difference is hidden malicious code, or links to phishing sites that attempt to plant viruses on recipients’ computers.
According to figures from the Anti-Phishing Workgroup, the number of crimeware-spreading URLs infecting PCs with password-stealing code rose 93 percent in the first quarter of this year to 6,500 sites, an increase of 337 percent from the number detected in the same period in 2007.
The good news is that through knowledge of these practices it is possible to combat them. Phishers are dependent on consumer ignorance and, as such, widespread education is the best means of protecting your business. For any brand owner or e-mail marketer, there are six crucial steps to take to combat this trend:
1. Send a standalone e-mail to your subscriber base reminding them you don’t ask for personal financial information
2. Remind your customers each time they login that you never request personal financial information via e-mail
3. Ensure that your privacy policies specifically state who sends e-mail on behalf of a brand
4. Build a consumer protection web page to speak about phishing attacks and behaviour
5. Begin to use authentication practices such as SPF, Sender ID, DomainKeys, and DKIM, and consider a third-party reputation audit
6. Instruct consumers not to click through on any links in a message that asks for financial information. Phishers are adept at making links seem as if they direct the browser to one place when, in fact, they actually direct them to a malicious site
By Simone Barratt
Managing Director
e-Dialog
