The depths to which people will sink to make an easy buck through internet scams never cease to amaze me, and we have seen phishing scams that have exploited the recent earthquakes in Japan and New Zealand.
For example, in the aftermath of the New Zealand earthquake, disgraceful opportunists took advantage of this natural disaster by launching a scam, posing as the Red Cross to take advantage of the world’s sense of charity.
This serves as a grim reminder of the uncomfortable truth that we are never truly protected, especially when brands and ISPs are not doing everything possible to prevent phishing and spoofing scams.
Phishing has become an increasingly widespread and hazardous threat in the online world. Recently the UK’s National Fraud Authority set up a dedicated email address encouraging users to forward suspicious emails so that the perpetrators can be prosecuted.
Although this plays a valuable role in educating the public about cautious email use, it fails to address the paramount issue of trust in brands. Even if the user recognises the malevolent nature of the email and passes it on to the authorities, their trust in the associated company name has been compromised – and trust is not only extremely hard to earn but even more difficult to win back.
BBC Breakfast recently focused on a case study of a woman who was a victim of an online scam. It communicated the UK fraud authorities’ message that it’s important for people to shrug off embarrassment and come forward to law enforcement when they’ve been affected, and to take appropriate action to protect themselves from threats.
My own company, Return Path, was recently the target of an email scam as fraudsters attempted to weaken the integrity of our good name as one of the leading combatants against criminal email.
The two compromises we found were dealt with immediately by suspending the IPs and releasing updated lists to our servers, and by collaborating right away with the affected clients to find the best way forward and ensure the damage was limited as much as possible.
Even though it was Thanksgiving weekend and most of Return Path’s team were on holiday, our staff rushed back into work to deal with the attempted fraud and within hours every target of the scam was contacted by phone and email.
The attack shows that phishing and spoofing aren’t just a big consumer brand issue – every company, B2C, B2B, government and not-for-profit is vulnerable.
One defence against phishing and spoofing is email authentication. This allows ISPs to verify the IP address that sends an email, so that only authenticated emails reach the user’s inbox. But even now two-thirds of companies fail authentication tests because they are not taking every necessary step in the fight against fraud.
A more robust, industry-wide form of defence is needed to protect against fraudsters. The potential threat is huge and has disastrous implications for brand identity, which is why big hitters like Google and Yahoo! have partnered with email security scheme Domain Assurance to help protect email senders from the perils of phishing and spoofing.
It enables ISPs to automatically block all potentially malicious unauthenticated emails purporting to be from a brand’s domain, bringing greater security to the customer’s inbox and maintaining the integrity of email marketers’ brands.
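The check described above (verify the sending IP, then block unauthenticated mail that claims a protected brand's domain) can be sketched as follows. This is an added example, not code from Return Path or Domain Assurance; it assumes SPF-style sender records, and the domains, IP ranges and the `PROTECTED` registry are constructed for illustration.

```python
import ipaddress

# Constructed sample data: SPF-style records per domain (a real receiver reads them from DNS).
PUBLISHED = {
    "brand.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "newsletter.example": "v=spf1 ip4:198.51.100.7 ~all",
}
# Hypothetical registry of domains whose owners asked receivers to block unauthenticated mail.
PROTECTED = {"brand.example"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_sender_ip(domain, client_ip):
    """Evaluate the connecting IP against the domain's record.

    Simplified: only ip4, ip6 and all are handled; mechanisms that need
    further DNS lookups (include, a, mx) are skipped here.
    """
    record = PUBLISHED.get(domain.lower(), "")
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"                      # domain publishes no sender policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]   # catch-all ends evaluation
        kind, _, value = term.partition(":")
        if kind in ("ip4", "ip6") and value:
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"                       # no mechanism matched

def disposition(sender_domain, client_ip):
    """Receiver policy: deliver authenticated mail, block spoofs of protected domains."""
    result = check_sender_ip(sender_domain, client_ip)
    if result == "pass":
        return "deliver"
    if sender_domain.lower() in PROTECTED:
        return "block"                     # unauthenticated mail claiming a protected brand
    return "flag"                          # unauthenticated, but domain is not in the registry

if __name__ == "__main__":
    for dom, ip in [("brand.example", "192.0.2.55"), ("brand.example", "203.0.113.9"),
                    ("newsletter.example", "203.0.113.9")]:
        print(dom, ip, check_sender_ip(dom, ip), disposition(dom, ip))
```

The third case shows why a registry matters: without it, a receiver has to guess how strictly to treat a failed check, and spoofed mail may still be delivered.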
Fraudsters must not be given the opportunity to jeopardise a hard-won brand identity. To prevent the success of phishing scams, email authentication must be adopted on a massive scale. The petty gains achieved by abhorrent opportunists in the wake of the New Zealand earthquake disaster only show the importance of preventing these schemes from taking advantage of our names, our brands and our charity.