Imagine for a moment that your target customer opens a marketing email from your company. A new product catches their eye in the email, and they click the link to your website. From there, they log in and provide their payment information to purchase the product from the email.
This all sounds great, right? You made a successful sale from a marketing email. The only problem? The email wasn’t from your company. The link didn’t direct them to your website. The customer provided their personal information to fraudsters who set up a spoof website masquerading as your business.
This scenario describes a common phishing scheme. Phishing is the unlawful act of obtaining personal information, such as usernames, passwords, SSNs, or credit card details, by disguising oneself as a legitimate business or organization online.
As hackers hone their skills, the number of phishing techniques keeps growing:
- Link manipulation. This is the most common phishing technique, whereby a hacker embeds a link in an email that appears to belong to a legitimate organization. In reality, the link is a deceitful look-alike that leads to a fake copy-cat version of the legitimate website.
- Anti-phishing filter evasion. This is a more sophisticated technique than simple link manipulation – it usually involves image links instead of text links to make it more difficult for anti-phishing filters to detect.
- Covert link redirect. This technique uses the word-for-word text of the legitimate link but redirects to a fraudulent website. The hacker can even use a real website and corrupt the site with a login popup to steal its login information.
- Behavioral engineering. This technique involves using wording that users are known to trust as legitimate to get them to click on fraudulent links. For example, the scam website could be hidden behind a link to a salacious news story to get the reader’s attention.
Why We Should Worry
No matter the phishing technique, one thing is for sure: you do not want your company or brand associated with any phishing attack. The first obvious reason is that you could lose millions if your company is the target of the attack. But a less obvious reason is the ramifications it may have on how your customers perceive your brand.
What happens if you become known as the company that is easily hacked, the company that has poor cybersecurity, or the company that doesn’t invest in itself? People would see you as unprofessional and illegitimate, and you could potentially lose millions due to a tarnished reputation.
From the customer’s perspective, if they get scammed, they won’t remember the name of the hacker who stole their information. But they will remember they had their information stolen by trying to access YOUR website. That is why we should worry.
One solution among many, as part of a larger brand protection strategy, is the AdultBlock service. AdultBlock and AdultBlock+ services block any registrations of your trademarks under all four adult-themed TLDs: .xxx, .adult, .porn, and .sex. This service caters more to large trademark holders that are members of the Trademark Clearinghouse. We will touch on that another day!
Another way would be to register your brand’s common misspellings and variants, such as the domain with www in front but without the dot between the www and the domain name. If your company name uses commonly misspelled words, register those misspellings and point them at the business. Scammers have become sophisticated enough to register a domain like BUSlNESS.com, where a lowercase L stands in for the letter I.
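The same variants can be watched for as well as registered. The following is an added example, not code from the original post: it classifies domain names seen in mail logs or new-registration feeds against the real brand domain. The function names, the small confusable-character map and the sample domains are constructed for illustration, and plain label.tld names are assumed.

```python
# Added example: classify observed domain names against a brand's real domain.
# Assumes plain "label.tld" names; the confusable map is a small constructed sample.
CONFUSABLES = {"l": "i", "1": "i", "0": "o", "5": "s"}

def skeleton(label):
    """Fold look-alike characters to one form so BUSlNESS and BUSINESS compare equal."""
    return "".join(CONFUSABLES.get(c, c) for c in label.lower())

def within_one_edit(a, b):
    """True if a and b differ by one insert, delete, substitution or adjacent swap."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1  # i ends at the first position where the two strings differ
    if len(a) == len(b):
        swapped = a[i:i + 2] == b[i:i + 2][::-1] and a[i + 2:] == b[i + 2:]
        return a[i + 1:] == b[i + 1:] or swapped
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return longer[i + 1:] == shorter[i:]

def classify(observed, brand):
    """Return why `observed` resembles `brand`, or None if it does not."""
    label, _, tld = observed.lower().rpartition(".")
    brand_label, _, brand_tld = brand.lower().rpartition(".")
    if (label, tld) == (brand_label, brand_tld):
        return None  # this is the real domain
    if label == brand_label:
        return "same name, other TLD"
    if label == "www" + brand_label:
        return "www prefix without dot"
    if skeleton(label) == skeleton(brand_label):
        return "confusable characters"
    if within_one_edit(label, brand_label):
        return "one-character typo"
    return None

def flag_lookalikes(domains, brand):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: r for d in domains if (r := classify(d, brand))}

# Constructed sample input, not real observations.
SAMPLE = ["business.com", "wwwbusiness.com", "BUSlNESS.com",
          "busines.com", "business.xxx", "example.org"]

if __name__ == "__main__":
    for domain, reason in flag_lookalikes(SAMPLE, "business.com").items():
        print(f"{domain}: {reason}")
```

Domains flagged this way are candidates for defensive registration or for a blocklist and takedown review.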
For more information on our AdultBlock service and how we can fit into your brand protection strategy, contact or come visit us.