Posing as a reputable company on the Internet is alarmingly
simple. In fact, erecting a seemingly legitimate corporate Web page can
be as straightforward as copying and pasting from the real thing. As a
result, companies are increasingly falling victim to fraudsters using
"spoofed" e-mails and Websites to dupe their customers into
sharing credit card numbers and other personal information. These kinds
of corporate identity attacks undermine customer confidence and loyalty,
ultimately costing a business dearly in customer service issues, bad publicity
and lost revenues.
The following are six steps to help manage the risk
of corporate identity theft:
1. Harness your stakeholders to provide early warnings;
implement a program that makes it easy for employees and customers to
report any suspicious spam e-mails or Websites that they encounter. Employees,
suppliers, distributors and even customers or investors can help a company
monitor for Internet-based corporate identity attacks, sounding the alert
in time to mitigate the damage.
2. Encourage your customers NEVER to click on links
in e-mail. Customers should instead directly type or "bookmark"
trusted Internet destinations. Spam e-mail can be easily altered so that
it appears to have originated from a legitimate source, and can be practically
indistinguishable from the real thing. Although many companies and organizations
have tried to educate consumers on how to detect fraudulent e-mail, even
experts can sometimes find it difficult.
3. Adopt a policy never to contact your customers via
e-mail for any reason that would require them to share personal or account
information and communicate the policy to customers. Acclimatizing customers
to e-mail notifications makes them vulnerable to future identity theft
attacks.
4. Make sure you're easy to find online. Promote your
Website address and keep it simple to avoid typos and misspellings. Exert
as much control over the customers' online experience as possible by trying
not to rely on others to deliver your customers to your site. When customers
attempt to locate your Website through vehicles such as search engines,
partners or spam, it provides an opportunity for others to intercept them
before they arrive.
5. Carefully manage your domain registrations and consider
monitoring for new registrations that include your company name or trademarks.
You may also want to register common typos or misspellings of your Website
address before somebody else does. You can then automatically redirect
wayward customers to the correct address.
6. Figure out your response to an attack BEFORE it happens.
There are lots of resources to help you with your action plan. Many trade
associations have formed committees and working groups to share best practices.
It’s also advisable to seek advice and establish relationships in advance
with law enforcement and other parties who can help take down fraudulent
sites if an attack occurs.
Adapted from "Defending the Brand: Aggressive Strategies
for Protecting Your Brand in the Online Arena," by Brian Murray (AMACOM
Books, 2003). Click
here for more information about his and other AMACOM business titles.
To learn more about this topic, consider these AMA seminars:
|
