[{"@context":"https:\/\/schema.org\/","@type":"BlogPosting","@id":"https:\/\/www.the-future-of-commerce.com\/2023\/02\/06\/phishing-gets-stealthier-4-ways-to-defend-your-brand\/#BlogPosting","mainEntityOfPage":"https:\/\/www.the-future-of-commerce.com\/2023\/02\/06\/phishing-gets-stealthier-4-ways-to-defend-your-brand\/","headline":"Phishing gets stealthier: 4 ways to defend your brand","name":"Phishing gets stealthier: 4 ways to defend your brand","description":"Phishing attacks are stealthier than ever, putting brands and their reputations at risk. Find out four ways to fend off fraudsters.","datePublished":"2023-02-06","dateModified":"2023-08-29","author":{"@type":"Person","@id":"https:\/\/www.the-future-of-commerce.com\/contributor\/david-rand\/#Person","name":"David Rand","url":"https:\/\/www.the-future-of-commerce.com\/contributor\/david-rand\/","identifier":662,"image":{"@type":"ImageObject","@id":"https:\/\/secure.gravatar.com\/avatar\/27af23cf29ea2b57936ae1099d10f2b43bf9e7528abe792c2ae825d887981c44?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/27af23cf29ea2b57936ae1099d10f2b43bf9e7528abe792c2ae825d887981c44?s=96&d=mm&r=g","height":96,"width":96}},"publisher":{"@type":"Organization","name":"The Future of Commerce","logo":{"@type":"ImageObject","@id":"https:\/\/www.the-future-of-commerce.com\/wp-content\/uploads\/2023\/01\/logo-foc-schema-app-1.png","url":"https:\/\/www.the-future-of-commerce.com\/wp-content\/uploads\/2023\/01\/logo-foc-schema-app-1.png","width":172,"height":60}},"image":{"@type":"ImageObject","@id":"https:\/\/www.the-future-of-commerce.com\/wp-content\/uploads\/2020\/02\/thumbnail-fd2edb816d587b1369bb5655645ece0c.jpeg","url":"https:\/\/www.the-future-of-commerce.com\/wp-content\/uploads\/2020\/02\/thumbnail-fd2edb816d587b1369bb5655645ece0c.jpeg","height":375,"width":1200},"url":"https:\/\/www.the-future-of-commerce.com\/2023\/02\/06\/phishing-gets-stealthier-4-ways-to-defend-your-brand\/","about":[{"@type":"Thing","@id":"https:\/\/www.the-future-of-commerce.com\/commerce\/commerce-general\/","name":"Commerce","sameAs":["https:\/\/en.wikipedia.org\/wiki\/Commerce","http:\/\/www.wikidata.org\/entity\/Q26643"]},{"@type":"Thing","@id":"https:\/\/www.the-future-of-commerce.com\/marketing\/","name":"Marketing","sameAs":["https:\/\/en.wikipedia.org\/wiki\/Marketing","http:\/\/www.wikidata.org\/entity\/Q39809"]},{"@type":"Thing","@id":"https:\/\/www.the-future-of-commerce.com\/marketing\/marketing-general\/","name":"Marketing","sameAs":["https:\/\/en.wikipedia.org\/wiki\/Marketing","http:\/\/www.wikidata.org\/entity\/Q39809"]},{"@type":"Thing","@id":"https:\/\/www.the-future-of-commerce.com\/marketing\/social-media\/","name":"Social Media","sameAs":["https:\/\/en.wikipedia.org\/wiki\/Social_media","http:\/\/www.wikidata.org\/entity\/Q202833"]},{"@type":"Thing","@id":"https:\/\/www.the-future-of-commerce.com\/commerce\/trends-commerce\/","name":"Trends","sameAs":["https:\/\/en.wikipedia.org\/wiki\/Fad","http:\/\/www.wikidata.org\/entity\/Q787045"]}],"wordCount":1595,"keywords":["Brand Management","Cybersecurity","Email","Email Marketing"],"articleBody":"Just a few years ago, it was easy to spot phishing. If an email or text seemed to be coming from a real brand, but contained misspellings, bad grammar, or blurry logos, you could bet someone was trying to trick you into clicking on a link as part of a campaign to steal your data, money, or identity.Today, though, spotting illegitimate communications isn\u2019t so easy. Most cybercriminals are much better at disguising their identities thanks to powerful, low-cost hacking tools or phishing-as-a-service\u00a0kits on the dark web. These tools, many of which use artificial intelligence, can make communications from even the most illiterate scammer look professional.What\u2019s more, with rapid advances in Open AI\u2019s ChatGPT, a free AI chatbot program built with natural language processing (NLP) capabilities, hackers now have a faster, better, and cheaper way of creating communications that mimic a brand’s personality or tone.With all of these innovations, it\u2019s no wonder that hackers launched 255 million phishing attacks in 2022, up 61% from the previous year.Observers say that if this trend persists \u2013 which is likely \u2013 it could lead to consumers ignoring most legitimate marketing communications.      Why data security is critical to the future of CX                No technology can overcome the fact that the customer experience is a human endeavor. Learn why data security is critical to the future of CX.      Gone phishing: 10 most-spoofed brandsAll brands are at risk of being spoofed, but fraudsters often target big technology companies, shippers and social media networks.Here are the top 10 most imitated brands in Q4 2022, ranked by their overall appearance in brand phishing attempts, according to Check Point Software:Yahoo (20%)DHL (16%)Microsoft (11%)Google (5.8%)LinkedIn (5.7%)WeTransfer (5.3%)Netflix (4.4%)FedEx (2.5%)HSBC (2.3%)WhatsApp\u00a0(2.2%)  59% more contactable customers. 100% data security compliance. 10%-20% above average email open rate. Find out how it’s done HERE.4 ways to protect your brandPhishing is a huge risk to brands, their marketing, and their reputation.\u201cAll of this phishing activity can undermine brand value because when those emails come out, and consumers don\u2019t know if they are valid or not, we sometimes mis-associate our negative experiences with the company being impersonated,\u201d says Frank Dickson, a cybersecurity industry analyst with IDC.\u201cBut the truth is that even large companies like Microsoft or Google can only do so much to thwart phishing in a meaningful way.\u201dSo, if phishing is so hard to beat, what can you do to minimize its effect on your good brand name? Here are a few suggestions from industry experts:Adopt email security protocolsMaster your domainsDefend your social media channelsEducate your customers      As data breaches abound, customer data management becomes C-suite priority                Customer data management best practices allow businesses to fortify their customer relationships. The potential for growth, in commerce and trust, is massive.      Thwart the threat with email security\u00a0While phishing is hard to defeat, organizations can at least slow its advance by implementing key security protocols at the email server level.There are three that companies tend to use in tandem with one another:Domain-based Message Authentication, Reporting and Conformance (DMARC) is an e-mail validation system designed to protect your company’s e-mail domain from being used for spoofing, phishing scams, and other cybercrimes. DMARC uses e-mail authentication techniques such as Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM).Sender Policy Framework (SPF) is an e-mail authentication technique to prevent spammers from sending messages on behalf of your domain. This gives you the ability to specify which e-mail servers are permitted to send email on behalf of your domain.DomainKeys Identified Mail (DKIM) is a signature-based e-mail authentication technique involving a digital signature that allows the receiver to check that an e-mail was sent and authorized by the owner of that domain.Before these standards, hackers could essentially send emails with the exact same domains as the brands themselves, says Roger Grimes, a defense evangelist for KnowBe4, a security awareness training platform. By using these protocols to authenticate emails before they can be delivered, many large companies have stopped that.\u201cThe standards have been so successful that phishers have almost abandoned using real, legitimate brand domains,\u201d says Grimes.      These aren\u2019t the data files you\u2019re looking for: Cybersecurity in this galaxy                No matter how high you build your walls, someone with enough skill, determination, and resources can get in.\u00a0Find out what measures you need to take now to protect your data.      Master your domains to defeat dark forcesWith email security protocols doing such a great job of severing one line of attacks, hackers shifted to creating their own domains. You\u2019ve probably seen them. They often closely resemble the real thing, but deviate ever-so slightly, slipping a number, letter or symbol into unobvious places.Most hackers don\u2019t bother with doing this manually because there are numerous tools that let them create dozens or even hundreds of fake derivations. And it\u2019s almost impossible to find all those after they\u2019ve been generated, says Grimes.One technological workaround is to deploy an automated tool for identifying look-alike domains associated with your corporate domain, says IDC\u2019s Dickson. These will basically search both the publicly facing web as well as dark web and deep web sites to see who might be spoofing your brand.An additional consideration for becoming the master of your domain is to subscribe to a reputation service. These also typically involve a search tool for seeing who, if anyone, is posing as you.But they can also have hundreds of people doing the research as well as support services, like working with law enforcement to take down illegal domains, says Tony Sabaj, a Check Point spokesperson.      Public relations for the internet: Online reputation management                Online reputation management means monitoring and engaging in online activities to understand and improve the public impression of a company. In other words, public relations for the internet.      Step up social media security\u00a0Brands also need to protect their social media channels from attack. If compromised, these channels can then become tools for launching phishing attacks, says Grimes.\u201cIt\u2019s really common for a hacker to break into a company, search through accounts payable and accounts receivable inboxes then send fake invoices and banking information changes to people,\u201d he says, referring to business email compromise.\u201cThey might say something like \u2018hey, we just want to let you know we\u2019re changing to a new bank and you should send your payments to this new bank routing and account number’.\u201d      Social commerce growth: A matter of trust                Shopping on social media platforms is expected to increase three times as fast as traditional e-commerce, but brands need to build customer trust to boost adoption.      Educate your customers (and anyone who will listen)One of the most important things a company can do to protect its brand is to inform customers about the threat posed by phishing attacks and what they can do about it.Let them know about current phishing trends, like hackers sending unsolicited emails saying they\u2019ve won something or that a shipment of something they never ordered has been delayed, or that their account has been taken over and requires technical support.Also, regularly update customers on how you’re proactively working to combat phishing. Finally, take every opportunity to remind customers they need to play a part in protecting themselves.Offer common-sense tips such as:Suspect digital communication with odd domain names, fonts, misspellings, grammar or images. These \u201ctells\u201d aren\u2019t as common as they once were, but they do still exist.Look for mismatches between supposed senders, email addresses, subject lines, and the message itself. For example, I recently received a poorly crafted email that supposedly came from Lowe\u2019s claiming I\u2019d won a Dewalt Heater. The sender\u2019s email address didn’t include the hardware store\u2019s name. The body of the message was topped with a logo from EA, the video game company. And instead of telling me how to get my heater, it said I\u2019d asked for a password change and could click on an link to make that happen.Be skeptical of communications that seem to come out of nowhere or asking you to do something you\u2019ve never done before with the supposed sender, like sharing financial or personally identifiable information (PII).Never click on links from anyone you do not know or trust, especially if they are asking you to choose a new password.Also, look out for possible deepfake videos, which are being used for phishing. Although they\u2019re getting slicker, you can usually spot them by looking for visual distortions like unusual head or torso movements and synching issues between the face, lips, and audio, writes Stu Sjouwerman, founder and CEO, KnowBe4.      Mission critical: Why CMOs are focusing on protecting customer data                In the race to compliance, customer trust is the finish line. A data breach can mean massive losses, so CMOs are focusing on protecting customer data.      A never-ending battleIn the end, companies should face the fact that fighting phishers is a back-and-forth battle. For every countermeasure brands throw up, cybercriminals will find another attack vector \u2013 which is why remaining alert to changing threats and focusing on people, processes, and technology is so critical.\u201cIt\u2019s a cat-and-mouse game for sure,\u201d says Check Point\u2019s Sabaj. \u201cBut there are a lot of things organizations can do to prevent phishing, and they need to in order to protect their brand value.\u201d  Identify, convert, retain.Learn how a great data strategy can drive BIG results HERE."},{"@context":"https:\/\/schema.org\/","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"2023","item":"https:\/\/www.the-future-of-commerce.com\/2023\/#breadcrumbitem"},{"@type":"ListItem","position":2,"name":"02","item":"https:\/\/www.the-future-of-commerce.com\/2023\/\/02\/#breadcrumbitem"},{"@type":"ListItem","position":3,"name":"06","item":"https:\/\/www.the-future-of-commerce.com\/2023\/\/02\/\/06\/#breadcrumbitem"},{"@type":"ListItem","position":4,"name":"Phishing gets stealthier: 4 ways to defend your brand","item":"https:\/\/www.the-future-of-commerce.com\/2023\/02\/06\/phishing-gets-stealthier-4-ways-to-defend-your-brand\/#breadcrumbitem"}]}]