The busiest shopping season of the year is here. It’s a boon for major brands online, since nearly half of all Americans have indicated they plan to buy at least one gift online. But as the number of online shoppers grows, so too does the number of cyber criminals looking to leverage those brands as a way to take advantage of their customers. The bad news: Customers are easy prey. The proof: Phishers are netting responses from nearly 14 percent of attack targets, according to a study from Indiana University’s School of Informatics.
Most large, trusted brands do a significant amount of business online around the holiday season. Consumers like the internet, because it’s an easy and engaging way to get goods and services — without the long lines and parking problems associated with shopping malls. Cyber Monday — the first Monday after Thanksgiving — is edging out the Friday after Thanksgiving as the day many retailers’ revenues move out of the red and into the black. Free shipping or gift wrapping and online specials are luring consumers to the Net for the holidays, to the tune of nearly $22 billion in online holiday purchases, studies show. But now that major brands and retailers succeeded in getting consumers to purchase through the Internet, their brand loyalty and equity are at risk. They need to find ways to get ahead of the threats cyber criminals present.
As identity theft scams grow more sophisticated and difficult to detect, there are the immediate threats to consider, including the revenue lost to the brand during the cyber attack. There’s also the loss of brand loyalty, as well as the sunk costs of creating and maintaining an online presence and back-end technology — investments that are lost when consumers choose bricks and mortar over point-and-click, or even abandon the brand altogether.
But there are things companies and brands can do to protect their reputations and maintain consumer trust. Here are three things all brands can do immediately:
1. Monitor Internet activity for abuse outside firewalls and from affiliate websites. Given the size and speed of movement on the Internet, brands and companies must proactively monitor for corporate identity abuses on Web pages and domains, misuse of slogans, trademark infringement, and improper logo use — outside their organizational walls. Another place to look for abuse: websites and domains of affiliates such as partners, suppliers, vendors, and manufacturers. It’s not hard to do, provided brands and companies put in place technology services that can scan Internet message boards, websites, blogs, and domain names. These technology services can quickly pinpoint not only unauthorized use or infringement, but typo squatting, copyright violations, boycotts/activism, or negative sentiment.
2. Detect abuse, but also prioritize your action. Monitoring is essential, but brands and companies also need a system that will make sure all abuses detected are prioritized based on business needs, and wrapped in a workflow for case management activities between internal IT, marketing, and legal groups. Using the right tools makes it easier for fraudulent Web sites to be identified and taken down immediately.
3. Respond rapidly, appropriately and cost-effectively to each type of abuse. Phishers work fast. According to the Anti-Phishing Workgroup, fraudulent sites are usually up on average 4.5 days, making them hard to catch if companies and brands aren’t vigilant. They should have a rapid response teams or work with a service provider to respond quickly to each attack and misuse of corporate identity. Considering the volume and speed of online attacks, contacting your local police or sheriff’s department, and/or filing a complaint with the FBI’s Internet Fraud Complaint Center is important, but not a complete strategy for dealing with attacks.
With the spike in Internet traffic and with so much brand equity and customer loyalty at stake this holiday season, now is as good a time as any to start implementing a strategy for managing your corporate identity online — before the phishing community does it for you.