Johannesburg, 30 Oct 2014
The number of phishing e-mails continues to rise globally and it's no longer primarily financial services and utility brands that are being used to target unsuspecting consumers.
According to Simon Johnston, strategist at customer communications management (CCM) specialist, Striata: "Branded loyalty communications are also being exploited in an attempt to solicit criminally valuable personal information."
Although the spoofing of loyalty communications is not new, the fact that this is mentioned in the latest Internet Security Threat Report from Symantec reinforces the requirement to safeguard all digital communications - even those that don't seem a likely target for phishing scams.
Johnston believes loyalty programmes with points that can be exchanged for cash and those that do not follow any anti-phishing communication guidelines are at highest risk of becoming targets.
"Loyalty programmes within banks are high risk based on several factors," says Johnston, "A stolen member ID for example, can be used to access cash from a member's accrued loyalty points if that is the reward. Customers may also be less suspicious and not apply the appropriate level of caution when personal information is requested by a trusted loyalty brand."
Johnston recommends that all businesses with loyalty programmes conduct a gap analysis on their member communications to assess the risk of the brand being used in a phishing scam that targets their members.
"The best defence is member education," says Johnston. "Make your members aware of what will and will not be included in your communication, as well as how to spot a fraudulent e-mail."
Johnston cites the following ways to protect a brand from phishing scams:
* Digitally sign all outbound e-mail, including your marketing campaigns
* Always personalise your e-mails to show the recipient you know them
* Use sender authentication to ensure customers that your e-mail messages come from a legitimate source
* Discuss the implementation of technologies such as DKIM, DMARC and SPF with your IT department or ESP
eBucks gets member education right!
Leading South African loyalty brand, eBucks, is well aware of the risk of phishing attacks on its members.
"Fortunately eBucks has been educating its members for many years by implementing many tools and tactics, some of which were recommended by Striata to combat phishing," says Johnston.
Monique Smith, Executive for FirstRand Group Partnerships at eBucks, confirms its ongoing commitment to educating its members. "In addition to constantly reminding our members that we will never send an e-mail requesting personal security details, there are a number of additional points we stress in our communications:
1. Secure sites will publish a Web certificate that shows as a padlock next to the address bar in your browser. This proves that you are entering a secure site. Check the URL. If the URL does not conform to what you would expect, i.e. www.bank.co.za, do not continue. The correct URL, coupled with the presence of the padlock is an indication that you are entering the legitimate site. There are also Web sites where you can verify the owner of a URL.
2. To avoid the risk of downloading spyware or malware, the Internet security settings can be changed to always ask for confirmation before downloading anything to your computer.
3. Use common sense: if the e-mail content seems too good to be true, then it probably is. Be cautious when opening unknown attachments or downloading any files, regardless of who sent them. Don't e-mail personal, financial or password information in the body of an e-mail, EVER.
"To avoid falling victim to a phishing scam, loyalty programmes need to improve their e-mail design, review their security protocols and continually educate members in order to provide the best customer loyalty experience, without the phishing risk," concludes Johnston.
Simon Johnston, Key Account Strategist, Striata Africa
Johnston has 12 years' sales experience in the medical and now IT fields, managing customer accounts. His focus is on the strategy, planning, execution and delivery of electronic billing processes. Johnston was previously an account strategist for the Striata eBilling team where he engaged with customers on a strategic messaging level.
He is now managing Striata SA's key accounts, ensuring communication and relationships are maintained within key accounts.
Johnston holds a Degree in Genetics (WITS) and an Honours in Psychology (UNISA).
Share