Smaller brands should warn customers about phishing attacks

A study from email authentication firm Iconix indicates smaller brands and even social networks could be putting customers at risk by not warning against phishing messages. According to the study, 1 in every 6 phishing messages are opened.

by Kristina Knight

Iconix profiled 10,000 of their own users for the 6-month study. Iconix offers email authentication to its users, and even with that authentication, research found that almost 20% of phishing messages were still opened.

Surprisingly, the most opened phishing messages from the study were social messages - e-cards, notes from social networks and even dating sites - rather than the traditional financial phishing messages.

Jeff Wilbur, vice president of marketing for Iconix, said, it makes sense that phishers would change to a more social message. "When an email comes from a 'friend' you don't think of that as a problem," he said. Plus, with all of the press that financial phishing scams are getting those scammers have to look elsewhere for targets.

One place phishers are looking for targets, besides social networks, are smaller, regional financial institutions. The larger, national banking chains have done a good job of advising clients about email threats, but the smaller chains, according to Wilbur, have not been as vocal. This has left their brands, and their customers, open for invasion.

No matter what size brand, Wilbur suggests educating customers and using email authentication for marketing messages. "Some people don't open any marketing emails," Wilbur said. By using authentication software, marketers can reassure their clients that emails are secure, reducing the fear of having information stolen.

Tags: email filtering, email marketing, Iconix, phishing, security

Comments (2)

Email to a friend

Print this article

Subscribe to BizReport

Comments

I was shocked last week by the refusal of Charter Internet & Cable to do anything about a phishing message I received. Someone posing as Charter was asking me for extensive password and other key identifying Charter information. So I contacted Charter to alert them to the scam. To me their response was shocking. They said it was not their job to address scams originating from outside Charter. This is what they told me: * The Charter High-Speed Internet Security Team can only process incidents of abuse coming from IP addresses registered to Charter Communications. Abuse from IP addresses not registered to Charter Communications should be directed to the registered owners of the IP address in question. The following link should be of assistance in locating the organization responsible for an IP address, http://www.arin.net/whois. As a customer for many, many years, I was dismayed that they didn't feel like it was their job to alert their customers to scams going on in their name.

Posted by: V. Damron on February 26, 2007 16:22

Further about Charter: I just noticed in their customer newsletter they do have the phishing warning posted. I wasn't aware that it was in the newsletter, but I'm glad it is. Thank you, Charter.

Posted by: V. Damron on February 26, 2007 17:19