Data Breaches: Fodder for New Phishing Attacks

By ISBuzz Team
Writer, Information Security Buzz | Sep 01, 2014 05:02 pm PST

As seen in the news earlier this month, Russian hackers stole more than 1 billion username/password combinations. This is the largest incident of credentials theft ever reported, potentially compromising 500 million email accounts. And with a cyber-attack of this scale, it’s understandable that users feel a sense of unease about the security of their own personal credentials.

Businesses share this unease. For them, the question is no longer simply “How can we prevent a data breach?” They’re also wondering how they can protect their customers after a data breach, an incident that is almost inevitable these days.

Swift and decisive action to close the breach and restore security is expected, of course. But unfortunately, remediation doesn’t end there. News stories that involve the large-scale theft of user credentials are music to the ears of an entirely different class of criminals, specifically phishing and identity theft experts. Through seemingly authentic emails or social media posts, which can be personalized according to an end user’s known contacts, scammers direct their intended victims to sophisticated counterfeit websites and mobile applications. These attackers prey on the end user’s fear that their key accounts have been compromised, enticing them to disclose their confidential information. The emails and mobile apps might even be branded with the company’s logo, with messages like:

We noticed some unusual credit card activity on your account and have temporarily suspended it until we can verify your identity. CLICK HERE to reset your personal security questions and restore access.

The companies most at risk from these phishing schemes tend to be those that have deployed web engagement strategies including customer logins or saved personal profiles.

What can recently breached organizations like P.F. Chang’s, SuperValu and Albertson’s do to minimize risks from these secondary threats? At BrandProtect, we strongly advocate three basic best practices that corporations should adopt to minimize their customers’ exposure to phishing attacks:

First, businesses should deploy and promote a prominent abuse box process on their home page. It sounds simple, but a company’s end users are fantastic resources in the fight against identity theft attacks. When observant end users receive a suspicious email, organizations should encourage them to forward the mail to the abuse box, where the business’s security team can validate the email as legitimate or flag it as a scam. When scam emails are discovered, the next step, as appropriate, should be to publicize the details of the scam on the home page so that customers are alerted as soon as possible.

Second, it’s important to engage the services of anti-phishing service providers. By deploying multiple spam and phishing email capturing techniques, an anti-phishing provider can provide attack detection at a far greater scale and with greater effectiveness than an in-house security team acting on its own. For example, BrandProtect captures, processes and evaluates millions of suspicious emails daily, identifying emails that include our clients’ brands and other images. These branded emails are carefully reviewed to identify scam emails that could entice unsuspecting end users into revealing their online credentials. A reputable vendor will be able to mitigate these threats quickly.

Lastly, enterprises should extend their threat monitoring services beyond just email. Companies should invest in an anti-phishing provider that offers enterprise-class brand protection, spanning both cyber-threat discovery and evaluation. Some companies are under the misconception that because they are monitoring for suspicious emails, they’re keeping the brand safe. Unfortunately, email monitoring is only part of the answer. To truly protect against risks posed by scammers, businesses must also search for the newly published web domains, counterfeit web pages, and rogue mobile applications that cyber criminals create to support their illegal schemes. Top-tier service providers deliver solutions that integrate monitoring for all of these threat channels and more.

The very best providers deploy enterprise-class threat detection platforms that automate a majority of the detection and filtering processes and use deeply experienced threat analysts to validate and cross-check results. Additionally, with an enterprise-class platform, results are captured in sophisticated workflow-based portals that enable reporting, contextual analyses and auditing. APIs can connect threat information to other in-house security systems to provide a complete understanding of potential threats. The right partner will be able to detect and evaluate risks at a scale companies could never afford to achieve in-house. Further, using a threat monitoring platform allows top-notch security teams to focus on only the relevant, actionable incidents that represent actual risks to a company’s reputation.

By Greg Mancusi-Ungaro, CMO, BrandProtect

Bio: Greg Mancusi-Ungaro is responsible for developing and executing the BrandProtect market, marketing, and go-to-market strategy. A passionate evangelist for emerging technologies, business practices, and customer-centricity, Greg has been leading and advising world-class marketing initiatives, teams and organizations for more than twenty-five years. Prior to joining BrandProtect, Greg served in marketing leadership roles at ActiveRisk, Savi Technologies, Sepaton, Deltek, Novell, and Ximian, building breakthrough products and accelerating business growth. He is a co-founder of the openSUSE project, one of the world’s leading open source initiatives.
