Phishing is perhaps one of today’s most infamous practices within the vast spectrum of the digital world. In fact, from an ORM standpoint, phishing, or being linked to phishing activities, can arguably be devastating for the name of a company or a business in general. We at ReputationDefender have previously stressed that when it comes to strengthening a business’s online reputation, avoiding looking like a dreary and bothersome phisher is almost mandatory.
Phishing e-Mails are often used by all kinds of cyber criminals to trick people into handing over sensitive information such as their usernames, passwords, social security numbers, PINs and credit card details, amongst others. If the phisher is successful, meaning the fraudulent e-Mail accomplishes its purpose, the recipient can fall victim to a wide array of issues, especially identity theft, or may simply find their credit card maxed out or their bank account with a zero balance.
This scenario has alerted major Internet Service Providers and other mailbox providers, which is why they are seemingly becoming more aware of any incoming mail that looks like it could be a phishing attempt: anything looking like a fraudulent or malicious mail goes directly to the junk box, or, sometimes, it gets deleted upon arrival.
That said, it is not difficult to end up linked to phishing activities. It is no secret that some industries are more prone to this kind of situation, especially the banking and mailing industries; however, there are several things a company, irrespective of its nature, can do to prevent its e-Mail campaigns from being mistaken for fraudulent or phishing attempts.
This is particularly important from the online reputation management standpoint: when it comes to developing and maintaining a strong brand, nothing is more important than trust, and a lack of trust is detrimental to even the most creative and compelling marketing campaigns. The digital age, of course, also brought along a new paradigm in how companies and brands convey information to their customers: thanks to today’s social media platforms, improper engagement and bad practices can spread around the globe in less than the blink of an eye.
With phishing attacks on the rise, regaining control of e-Mail channels should be mandatory and essential for every company that values the trust of its clients; by making sure a company does not ask for information out of well-meant motives, any particular business will not only be able to overcome this dreary issue of being linked to phishing, but will also see an improvement in customer response rates. Be that as it may, here are several strategies a company can follow in order to work against unscrupulous copycats:
Stay away from mismatched URLs
Perhaps the most basic and common example of a phishing technique is an e-Mail reporting malicious or fraudulent activity on an account and asking the recipient to click on a link just to verify the information. This apparently innocent and harmless link could actually be hiding something terrible: bad links are hidden behind a legitimate-looking link, especially those from banks, which is why recipients, most of the time, do not hesitate to click on them or question their legitimacy. These links manage to trick people into downloading malware to their computers or accessing insecure websites.
To determine whether an e-Mail may be a phishing attempt or scam, the e-Mail client looks for links in the HTML of the campaign where the text being displayed is a URL: if the displayed link differs from the actual URL, the user gets an instant notification. Sadly, cybercriminals have become really tech-savvy and have come up with a large variety of ways to carry out phishing scams, one of which, like the aforementioned technique, consists of hiding malicious links behind seemingly legitimate ones. Internet and safety researchers have developed different ways to combat this increasingly used threat, including software that detects fraudulent e-Mails by scanning for mismatched links.
Authentication is everything
Phishing e-Mails normally use spoofing to trick recipients and mislead them about where the e-Mail was actually sent from. Basically, a “spoofed” e-Mail is a message with a fake sender address, thus posing as if it was sent from a trusted source; unfortunately, this is not that hard to do, because e-Mail transfer, the process of conveying e-Mail messages between mail servers, was not designed with high standards of security in mind. And here is where authentication technology steps in: authenticating e-Mail addresses validates the identity of both the company or business and the e-Mail Service Provider.
Do not overlook the power of setting up a custom domain
Instead of getting accustomed to using the default subdomain generated for a particular account, it is much better and wiser to override it with a custom domain. The custom domain is the one referenced in every campaign a company sends, meaning it will appear in the URLs for website version links, as well as on social media platforms like Twitter, Facebook, etc. Internet Service Providers assess the domains referenced in a particular campaign in order to find out whether these match the company’s DNS records. Besides, spoofed or fake e-Mails sent by unscrupulous phishers lack that kind of customization.
Ask for information the right way
Last but not least, sometimes companies have to ask for specific (personal) information about their customers, or ask account holders to update their information for well-meant (and legitimate) purposes. For example, it is OK to let customers know about a data security breach and ask them to reset their passwords; however, most of the time, this will sound tremendously suspicious. Apply the aforementioned techniques to give e-Mails a good reputation and make the content look entirely trustworthy: provide explanations, choose words carefully, use customization, reference trusted websites, do not ask customers to click on a link, come across as security conscious, include a permission reminder, etc.