A survey has found that phishing scams don’t just hurt consumers – the brands hijacked by criminals to launch attacks can also emerge with scars.
This is the main finding of a YouGov poll of 1,960 UK-based consumers conducted on behalf of security outfit Cloudmark, in which a surprisingly high percentage – 42% – claimed that their trust in a brand would be damaged by a phishing attack, even though the scam had nothing to do with it.
Banks, ISPs and social networking sites appeared to be brands most likely to feel the force of this negative response. Cloudmark’s own research has recently shown the Natwest Bank to be the UK brand most likely to be appropriated for phishing scams during October 2007.
As to remedies, 40% felt that it was the job of their own and the originating (ie. the spammer’s) ISP to protect them from the scourge, with only 26% seeing it primarily as the individual consumer’s job to protect themselves. Clearly, some consumers expect the Internet to be regulated as might physical mail or telephone services, and look for someone to blame for the lack of that authority when things go awry.
“What is interesting to note from these results is that well-known brands are also suffering, with phishing attacks having a detrimental effect on their reputation. This knock-on effect will be particularly worrying for the banks, which rely on a high degree of trust with their customers,” said Cloudmark’s Neil Cook. One problem is that phishing was happening in a number of forms that yet to familiarise themselves with, such as voice-based fraud.
“Not only are we seeing evidence of more .uk phishing URLs, but also a shift in phishing techniques. Vishing is a good example of this where the scammers use cheap VoIP call centre systems as the back end to their phishing attacks, which changes the whole dynamic of trust,” said Cook.
None of this will come as surprise to businesses, though it is hard to see what individual companies can do protect themselves from what is now part of the broader phenomenon of “brandjacking.”