According to the recently released Anti-Phishing Working Group (APWG) Phishing Activity Trends Report for Q1 2012, the number of brands hijacked by phishers reached an all-time high in February and March of this year. As if that wasn’t enough, the APWG also reported that the number of unique phishing sites detected in a month set a new record. Yikes! So, given the increase in all this phishing activity, what is a brand to do to better protect itself?
The APWG reported that in February and March of this year, 392 brands were targeted each month, an 8% increase over the previous high set last December. Prior to the December figure, the high mark was set back in August of 2009. Moreover, the number of unique phishing sites detected in a month reached 56,859 in February, eclipsing the previous high of 56,362, also set back in August 2009. Just to put this all into perspective, these numbers indicate that in February of this year, 81 phishing sites were launched every hour of the month, or just over one new phishing site every minute! Now that’s a lot of phish!
As for the impact on a brand, a recent Cisco report puts the reputational cost of an attack (the negative impact to the brand) at approximately $1900 per infected user. Using this figure, you can approximate that the reputational cost of an attack that compromises 500 accounts is almost $1 million. And if you add in additional costs, such as the direct financial loss to the cybercriminals along with any internal resource costs (help desk, forensic investigation, etc.), the cost of an attack goes up to about $1.4 million!
While major brands, particularly those within the financial and payment services sectors, are no doubt aware of this trend and likely have brand protection strategies in place, there are many others who may acknowledge the problem but feel their brand is not big enough to be phished. To those in this camp, let’s just say that if the current phishing trend continues, I’m not sure anybody with an online customer base will be immune to future attacks. This becomes particularly concerning for those brands whose only presence is online and who rely heavily on email marketing to drive revenue and customer awareness.
But what can a brand do to better protect itself and its customers? Hoping and praying your brand will not be attacked may work for some, but for those who believe that hope is not a strategy, here are a few additional ideas: