Warren Buffett once mused, “It takes 20 years to build a reputation, and five minutes to ruin it.” If you are not protecting your brand from online threats, your reputation and your bottom line will suffer. Of all the risks to brands online, only some of them can be addressed by standard IT and cybersecurity teams. Other risks, such as the ones we’ve uncovered here, will require multiple layers of security and understanding across your organization.
With 97% of people being unable to correctly identify phishing emails, it is no wonder that phishing scams are still among the greatest risks brands face in 2019. A phishing attack or scam occurs when a criminal sends a message, either by email, text message or on social media, pretending to be a person or organization that they are not a part of in order to obtain sensitive information from the target.
Perpetrators of these scams use different strategies to elicit fear, curiosity or a sense of urgency so that when the target is prompted to download an attachment or fill in personal or private information, such as their username, password or credit card number, they are more likely to provide it.
- Spear Phishing: Phishing attempts directed at specific individuals or companies have been termed spear phishing. In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success.
- Whaling: The term whaling refers to spear phishing attacks directed specifically at senior executives and other high-profile targets. In these cases, the content will be crafted to target an upper manager and the person’s role in the company.
- Angler Phishing: In angler phishing, attackers create fake customer-support accounts on social media to trick people looking for help into visiting a phishing site or providing account credentials.
While cyber safeguards and internal education can begin to resolve the problems caused by phishing, angler phishing, in particular, becomes problematic for brands. Customers like the convenience of receiving customer service through social media because they know their complaints and questions will get a prompt reply. In fact, more than 80% of inbound social customer service requests now happen on Twitter. When those customer engagement opportunities are hijacked by fraudulent accounts posing as the brand, this can cause problems for both consumers and retailers.
What Brands Need To Do
Establishing the proper communication channels and educating all stakeholders on cyber threats will help your brand stay ahead of hackers. Social engagement is typically managed by marketers or by customer service teams. If you are the target of angler phishing on social media, it might also make sense to be transparent with customers and educate them on identifying hacker accounts. Educating marketing and customer service teams to identify and address phishing attempts in coordination with cyber security. Ultimately, though, this requires a shift by the entire organization to recognize that phishing threats are not only problems for internal systems managed by IT.
Third party platforms, consumers and your brand reputation online are all at risk where phishing is concerned. To protect yourself and consumers from phishing attacks, technology tools can help do the heavy lifting. Use a tool that monitors online content so that you can be notified when your brand name or brand-specific hashtags are mentioned. As phishing trends evolve, you can identify combinations of words that might be indicative of fraudulent activity. Conduct cyber investigations alongside online intelligence gathering so that less falls through the cracks and to better identify the source of threats.
Data breaches can be devastating to brands online. There are multiple ways of perpetrating a data breach, but ultimately the outcome is the same where brands are concerned. According to Aviva Insurance, after a company is breached, 60% of customers will think about moving to another company and 30% actually do. Consumers will consider ending their relationship with a brand over a data breach even if they do not personally suffer a material loss. A data breach can destroy the relationship between a customer and a brand due to the perceived betrayal of the customer’s trust. In addition to the data loss and frauds that are perpetrated using that data, the company’s reputation will suffer.
Data breaches typically occur in two phases. The first phase involves gaining access to companies’ systems to gather their data and applications. The second phase is the exploitation of the data. These actions could include theft of data, hijacking of systems or denial of service.
What Brands Need To Do
Before a major breach occurs, every organization should have a strong cyber breach response plan to assess, investigate, remediate, eradicate and respond to incidents. This is the technical aspect of the data breach and helps to combat that first phase of a data breach, gaining access to systems to gather data and applications.
Once this cyber protection is in place, security teams need to mobilize quickly to investigate how the data and applications obtained through the breach are being used by hackers. To locate evidence about the hack, investigation on the Dark Web will be necessary to identify any locations where the data is being used. Media Sonar software provides visibility across the Dark Web, including advanced search capabilities and custom alerts so that you will know when the data is used in the future. This will help brands act fast to mitigate any problems that could impact customers, employees and ultimately the brand itself.
Stolen & Counterfeit Goods
Organized Retail Crime (ORC) is not a new concern for security professionals, but the game has changed. While the Internet makes it possible for retail brands to sell their wares online, it also makes it easier for gangs to sell goods they have stolen from those same retailers. Online classifieds and auction sites make it easier and safer than ever to dispose of stolen or counterfeit goods anonymously online. This brings us to the Dark Web. It is estimated that 96% of the Internet cannot be accessed by conventional search engines. For companies that take brand protection seriously, the Dark Web is a necessary place to navigate.
What Brands Need To Do
To locate stolen and counterfeit goods online, set up alerts on sites where those types of goods are marketed. Target online auctions, online classifieds, and forums where stolen and counterfeit goods are often sold. Those alerts should contain your brand name, product names or any other relevant keywords. Search and create alerts for the Dark Web to let you know when your brand name, product names or any other relevant keywords are present. You will need the right security and software in place before accessing the Dark Web. To stay safe on the Dark Web, use software like Media Sonar that provides a safe interface for searching and creating custom alerts on the Dark Web.
- To learn more about the Deep Web and the Dark Web, read this
- To learn more about Organized Retail Crime, read this
Hackers are not the only threat to retail brands doing business online. Most brands have a social presence by now, and it’s here where you become most vulnerable. People trust recommendations from their peers and even strangers on social media. Your reputation could suffer if too many negative comments show up on social media, especially if you do nothing to respond.
What Brands Need To Do
Online investigation and discovery tools with full visibility across the Internet can help you to understand the reach of your social media activities as well as the sentiment of your customers when talking about your brand. Technology tools, such as Media Sonar’s software, help you identify ongoing conversations about your brand and how your brand image changes over time. Make sure that negative conversations about your brand are addressed and resolved. Use the intelligence to learn how to adapt your marketing strategy and customer service according to what your customers want and trends you see in the market.
What This Means
Your entire organization needs to be educated on the different types of risks that exist for brands online, including phishing, data breaches and the sale of stolen and counterfeit goods. Cybersecurity teams need to coordinate across the entire organization to better identify vulnerabilities. Technology that provides visibility across the Internet is required for more thorough detection, investigation, and remediation of risks and threats. In order to be prepared for threats that have yet to be formulated, brands should move beyond the idea of physical and digital convergence. Brands must stop at nothing short of a new framework for how physical security, cybersecurity, marketing, customer service, finance and all other aspects of the business will work together moving forward. In this new structure, online intelligence gathering is the hub around which all other activities can position themselves.