Dan is a 20-year veteran of the ICT industry, working for global and local vendors in bringing new and innovative technologies to market in the ANZ region. During his career, Dan has been passionate about bringing a local voice and insights to global technology challenges. As the Editor of GetCyberResilient.com, Dan casts a keen eye across the hot topics, trends and pulse of local security practitioners to curate stories from near and far that are most impactful in addressing our evolving risks.
The explosion of the digital economy has also created a world of ever-increasing opportunity for enterprising cybercriminals, and email fraud is their weapon of choice.
Con artists target companies of all sizes, using fake emails and counterfeit websites to steal billions of dollars a year globally.
One of the key scams in cybercriminals’ arsenal is brandjacking: the unethical use of well-known company names and trademarks to fool people into trusting malicious emails that find their way into their inboxes. The goal of these emails is simple: send users a genuine-looking email and get them to click a link, which will take them to a fake login page or form. Have them enter their logins, passwords, or credit card information and make off with their data.
By using household brand names as a cover for their scam, bad actors use the trust a company has built with its customers to gain access to their confidential data and details. Cybersecurity now overlaps with the CMO’s concerns too, as any breach or scam can compromise their customers’ data as well as their brand’s trustworthiness.
Really clever scammers even mimic the customer experience of the brand they’re impersonating: some scams take users to a convincing replica of a brand’s homepage, asking them to log in with their username and password. If they do enter their credentials, the fake site redirects them to a second page that asks for even more details, like their home address and phone number, for ‘verification’ purposes. Not only does this lull the user into a false sense of security, it gives scammers a chance to gather even more personal data. After they enter all their personal information, the user encounters a mysterious ‘404 page not found’ error and is left wondering why the website isn’t working. The resulting loss of customer trust and risk of data misuse can have huge implications for both the CISO and the CMO.
How CISOs and CMOs can build a cyber-resilient brand
Scammers are an external threat that companies have limited control over, but there are still some things CISOs and CMOs can do to defend against them. Email security and secure two-factor authentication for customer portals are a great place to start.
Another technique is for your company to purchase similar and misspelled versions of its domain name to minimise the chances a scammer could use them. Many major brands already do this. Google is one example: typing www.googel.com redirects the user to www.google.com. You’ll also want to register your domain name on relevant domain extensions. Did you know that www.apple.store redirects to www.apple.com? Or that www.amazon.tech redirects to www.amazon.com?
Doing this will limit the opportunities for cybercriminals to create fake domains using your brand name. The other thing to do is to inform your customers of any brandjacking scams of which you become aware. Telling customers upfront about what you will and won’t ask them over email goes a long way to protecting them against potential scams. Trademarking your brand assets, like logos and fonts, can also give you some leverage to take down fake sites when they do pop up.
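To make the defensive-registration advice above concrete, the following added example (not code from the original article) lists the single-typo and alternate-extension variants of a brand's own domain and reports which ones the company does not yet hold. The function names, the default extension list and the `owned` portfolio are assumptions made for illustration, and the domain is assumed to be passed as `label.tld`.

```python
# Added example: build a defensive-registration shortlist for a brand domain.
# Helper names and the default extension list are illustrative assumptions.

def typo_labels(label):
    """Return single-edit misspellings of a domain label."""
    variants = set()
    for i in range(len(label)):
        # Omission: one character dropped, e.g. "gogle".
        variants.add(label[:i] + label[i + 1:])
        # Duplication: one character repeated, e.g. "gooogle".
        variants.add(label[:i] + label[i] + label[i:])
        # Transposition: two adjacent characters swapped, e.g. "googel".
        if i + 1 < len(label):
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    variants.discard(label)  # swapping identical letters recreates the original
    # Drop empty labels and labels that would start or end with a hyphen.
    return {v for v in variants if v and v[0] != "-" and v[-1] != "-"}


def defensive_candidates(domain, extensions=("com", "net", "org", "store", "tech")):
    """Return the sorted lookalike domains worth registering for `domain`."""
    label, _, tld = domain.lower().partition(".")
    candidates = {f"{v}.{tld}" for v in typo_labels(label)}
    # The same brand label on other extensions, e.g. apple.store.
    candidates |= {f"{label}.{ext}" for ext in extensions if ext != tld}
    return sorted(candidates)


def registration_gaps(domain, owned):
    """Return candidates that are missing from the company's own portfolio."""
    held = {d.lower() for d in owned}
    return [c for c in defensive_candidates(domain) if c not in held]


if __name__ == "__main__":
    # Constructed portfolio: the brand already holds two defensive domains.
    owned = ["googel.com", "google.net"]
    for gap in registration_gaps("google.com", owned):
        print(gap)
```

The resulting list is a starting point for the registrar order and for ongoing monitoring of variants the company chooses not to buy.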
By coordinating their efforts, CISOs and CMOs can build brands that are more resilient, reputable and rank higher on customer trust. And, in a highly competitive and interconnected digital marketplace, reputation is everything.