Every SME knows the sheer amount of effort and sustained commitment required to build a brand successfully. The vast majority of our time and effort goes into ensuring product quality, managing our team, fostering excellent customer service and running various marketing campaigns, to name but a few of the plates that the average entrepreneur needs to spin in order to run their business.
It’s understandable that, inevitably, some of these plates get dropped. Some may never have been spinning in the first place and could have caused damage to your brand that you’re not even aware of yet. Phishing and smishing, outlined below, are worthy of an entire book, but it takes only a few minutes of your time to familiarise yourself with the core concept and become a better defender of your brand in the process.
Phishing and Smishing – What are they?
You might not be familiar with these terms, but you need to be. They refer to cyber-crime which targets victims via email, phone and text messaging services. The typical set-up involves the scammer pretending to be someone they’re not, usually a well-known brand that has been trading and advertising for many years.
The scammer then encourages a victim to engage with them, usually by clicking a website link embedded in their message. Of course, the link the victim clicks has nothing to do with the ‘real’ brand; instead they are directed to a website designed to mimic the real site and capture personal information such as banking details.
As your brand grows in popularity, it becomes an increasingly lucrative target for criminals, who commit ‘identity theft’ against it and use it as the trustworthy face of their scam.
How do you protect against it?
Ideally the would-be victim is tech-savvy enough to easily identify most of these scams. The ploys vary in their level of sophistication, with many being of such low effort that the scammer relies on a huge volume of messages sent to snare only a tiny percentage of victims.
Unfortunately, we cannot rely exclusively on the experience and scepticism of the people targeted by these scam messages. We need to be proactive in our defence, which we have summarised into key areas:
Prioritise the safety of your customers’ data.
The most important step to protecting your brand is to protect your customers. Encrypting user data, regular software updates, minimising data availability and differentiating between information to be ‘stored’ versus ‘verified’ are all crucial factors. This guide from Decibel lists nine of the best practices for keeping your customer data secure.
In the majority of cases, if you are doing this step correctly then your customers’ private information will be safe. The problem is that just because their information is safe on your site doesn’t mean it is safe everywhere. Often a victim’s personal contact information has been leaked from a different source.
The average web user has their digital information all over the web and it only takes one leak from a single source to end up on a ‘mailing hit list’.
Notify customers if you get wind of a scam.
So you’ve implemented the above step perfectly but, through no fault of your own, people (many of whom may never have dealt with your brand before!) are beginning to receive suspicious text messages and emails from a source claiming to be your brand.
The most dangerous scenario here is when victims are caught in the overlap. This refers to people with leaked contact information who have been targeted by a scammer AND have, by pure coincidence, also been a customer of yours in the past. This overlap demographic is the most at risk, as these people are more likely to be receptive to a random message if it appears to be from a brand they’ve bought from before.
This is why it’s so important to notify your customer base when you realise your brand is being used as ‘the face’ of the scam. This is not a pleasant thing to do: it can panic customers and give the impression that you are somehow at fault. It’s important first to verify that no data leak has occurred on your servers and then clearly and simply explain this fact to your customers.
Use your website, emailing list and social media platforms to raise awareness of the scam. Encourage customers to report any suspicious activity through a dedicated channel of communication for fraud such as firstname.lastname@example.org. You can go a step further and publish examples of what the scam messages actually look like to help educate your customers on what to look out for. You can see an example of this publishing strategy on the Wonga website.
Sharing as much information as possible is good. It demonstrates that the scam could come from many different devices and mediums. Publish known numbers and URLs that have been used by criminals. Make it as difficult as possible for them to continue to operate by keeping your own communications on their activity regularly updated.
Be regularly on the lookout for misuse of your brand, forever.
This final step should become part of your monthly digital maintenance for brand reputation. Google is your best friend here. It’s possible to perform search queries for your brand that only show results that have been published within the last 24 hours, week, month or year. This means that you can easily keep abreast of the most recent pages indexed on the web that are mentioning your brand in some capacity.
You should apply the same approach to all major social channels, as it’s becoming common for scammers to also develop fraudulent brand properties on Facebook, Twitter and Instagram. From personal experience it can take a long time to get these fraudulent social profiles removed once you have flagged them as a fake identity, so the sooner you’re on this the better.
Accepting that this will be a regular and permanent part of your digital maintenance can be daunting, but ultimately it will mean you’re better prepared and in a position to make decisions quickly should something untoward occur.
Best of luck out there and stay safe!