Let’s talk about spoofing for a minute. When you hear words like ‘phishing’, ‘business email compromise’ or ‘cybercrime’, what’s the first thing that pops into your head? Most people would think about something along the lines of email security, and chances are, you did, too. And that’s absolutely right: each of the terms I just mentioned is a form of cyberattack, where a criminal uses social engineering and other techniques to gain access to sensitive information and money. Obviously that’s bad, and organizations should do everything they can to protect themselves against it.
But there’s another side to this, one that some organizations simply don’t consider, and it’s one that’s equally important to them. Phishing doesn’t just put you at a higher risk of losing data and money; your brand stands an equally large chance of losing out, too. In fact, that chance is as high as 63%: that’s how many consumers are likely to stop shopping with a brand after just a single unsatisfactory experience.
How Do Email Phishing Attacks Harm Your Brand?
Understanding how phishing can compromise your organization’s systems is fairly straightforward. But the long-term effects of a single cyberattack? Not so much.
Think about it this way. In most cases, a user checking their email is likely going to click on an email from a person or brand they know and trust. If the email looks realistic enough, they wouldn’t even notice the difference between one that’s fake and one that’s not. The email might even have a link leading to a page that looks exactly like your organization’s login portal, where they type in their username and password.
Later on, once they hear that their credit card details and address have been leaked to the public, there’s nowhere to turn to but your organization. After all, it was ‘your email’ that caused the disaster, your lack of security. When your own customers totally lose faith in your brand and its credibility, it can cause huge problems for the optics of your brand. You’re not just the company that got hacked, you’re the company that allowed their data to be stolen through an email you sent.
It’s not hard to see how this could seriously hurt your bottom line in the long run, especially when new, potential customers are turned off by the prospect of being another victim of your emails. Cybercriminals take the trust and loyalty that your customers have in your brand, and actively use it against you. And that’s what makes Business Email Compromise (BEC) so much more than a technical security issue.
What Are Some of the Worst-Hit Industries?
Pharmaceutical companies are some of the most frequently targeted businesses for phishing and cyberattacks. According to a study of Fortune 500 pharmaceutical companies, in just the last 3 months of 2018, each company faced on average 71 email fraud attacks. That’s because drug companies hold valuable intellectual property on new chemicals and pharmaceutical products. If an attacker can steal this information, they can sell it on the black market for a hefty profit.
Construction and real estate companies aren’t too far behind, either. Financial service companies and financial institutions in particular face the constant threat of having sensitive data or large sums of money stolen from them through carefully planned Business as well as Vendor Email Compromise (VEC) attacks.
All these industries benefit greatly from customers trusting their brands, and their relationship with the brands directly influences their business with the companies. If a consumer were to feel like that company wasn’t capable of keeping their data, money or other assets safe, it would be detrimental to the brand, and sometimes, irreparably so.
How Can You Save Your Brand?
Marketing is all about building your brand image into something that audiences won’t just remember, but associate with quality and reliability. And the first step towards that is by securing your domain.
Cybercriminals spoof your organization’s domain and impersonate your brand, so when they send an email to an unsuspecting user, it appears to be coming from you. Rather than expecting users to identify which emails are real and which ones aren’t (which very often is almost impossible, particularly for the layman), you can instead prevent those emails from entering users’ inboxes entirely.
DMARC is an email authentication protocol that acts like an instruction manual for a receiving email server. Every time a receiving email server gets an email claiming to come from your domain, it looks up your DMARC record (published in your DNS) and validates the email against it. If the email is legitimate, it ‘passes’ DMARC authentication, and gets delivered to the user’s inbox.
If the email is from an unauthorized sender, depending on your DMARC policy, the email can be either sent directly to spam, or even blocked outright.
DMARC can almost completely eliminate spoofed emails that appear to originate from your domain, because instead of trying to block fake emails as they are sent, it checks for authenticity as the email arrives at the receiver’s server.
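To make the receiver-side check concrete, here is a small sketch of how a receiving server could apply a published DMARC policy to an incoming message. It is an added example, not code from any mail server or from this article's author; the record, the two sample messages and the helper names are constructed, and org_domain() is a simplification (real receivers use the Public Suffix List).

```python
# Added example: applying a DMARC policy on the receiving side.
# RECORD, LEGIT and SPOOF are constructed sample data, not real traffic.
RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc-reports@example.com"
LEGIT = {"from": "example.com", "spf": "pass", "spf_domain": "bounce.example.com",
         "dkim": "pass", "dkim_domain": "example.com"}
# SPF passes for the sender's own domain, but that domain is not the From domain.
SPOOF = {"from": "example.com", "spf": "pass", "spf_domain": "mailer.example.net",
         "dkim": "none", "dkim_domain": ""}

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; return None if it is not valid."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: 's' is an exact match, 'r' (default) matches org domains."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(record_txt, msg):
    """Return 'deliver', 'quarantine' or 'reject' for one message."""
    policy = parse_dmarc(record_txt)
    if policy is None:
        return "deliver"  # no valid DMARC record, so there is no policy to enforce
    spf_ok = msg["spf"] == "pass" and aligned(
        msg["spf_domain"], msg["from"], policy.get("aspf", "r"))
    dkim_ok = msg["dkim"] == "pass" and aligned(
        msg["dkim_domain"], msg["from"], policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"  # at least one aligned mechanism passed: DMARC pass
    # DMARC fail: apply the domain owner's policy (p=none only monitors).
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy["p"]]

if __name__ == "__main__":
    for name, msg in (("legit", LEGIT), ("spoof", SPOOF)):
        print(name, "->", evaluate(RECORD, msg))
```

The spoofed message passes SPF for its own sending domain yet still fails DMARC, because that domain does not align with the From domain. With p=none the same message would be delivered, so only a quarantine or reject policy changes what the recipient sees.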
If you’ve already implemented DMARC and are looking for ways to take your brand security even further, there’s Brand Indicators for Message Identification (BIMI). This new email security standard affixes your brand’s logo next to every email from your domain that’s been authenticated by DMARC.
Now, when your customers see an email you’ve sent, they’ll associate your logo with your brand, improving brand recall. And when they see your logo, they’ll learn to only trust emails that have your logo next to them.