I am one of you. I have been in the marketing field for more than 20 years and have seen unimaginable technology shifts that have made the world a more connected and efficient digital machine. We can now engage digitally with consumers around the globe on so many screens (watch, mobile, tablet, laptop, desktop, TV, automobile, etc), at any place and at any time. The companies we work for have greatly benefited from this new digital age. We now have data everywhere, including customers, employees, and third-party data on all kinds of devices, on-premise and in the cloud. Combine these two digital shifts and we have an amazing opportunity as marketers to engage in a personal way with our customers like never before. With this great opportunity, there also comes great risk if your company is not protecting itself from digital risks.
Everyone knows about the brands that have been breached. You read about it in the headlines almost daily that another brand has been breached and the data belonging to hundreds of millions of customers and employees has been stolen. Breaches have become so common that we are all getting tired of hearing about it. Many of the breaches occur due to phishing and social engineering; making use of malicious websites, fake social media profiles, and fake mobile applications to trick customers and employees to unknowingly hand over their personal data and log-in credentials. This data is then used for profit by the attackers or sold on the open, deep, and dark web for others to do what they will. It impacts everyone including the company, the brand, customers, third parties, employees, you, me, and even our kids.
As marketing leaders, we are all brand stewards for our company and our customers. We need to do everything we can to make our customers love us and trust us. We could do 99.999% of things right, but with one simple “We’ve been hacked” experience, it could wreck it all. That is why we must play an active role working with our security team and be proactive in managing digital risk to protect the brand. As I have learned over the years, the best way to help customers and businesses is to tell them real customer stories that they can relate to as they share the same pain and concerns. I am about to share some real customer stories with you. These stories are really important as many of you, your brand, and your customers may be impacted by these same issues. Here are some customer stories that are 100% real that every marketing leader should know about as these digital risks are your risks.
- We found malicious website domains that look like the real brand:
By monitoring for registrations of domains that appear to look similar to a well-known brand’s website, a spoof domain was discovered. The domain had been registered overnight, swapping a “rn” for an “m” so it looked exactly like the brands .com website. The content was an exact mirror of the client’s legitimate site and, aside from lacking some functionality of the legitimate site, appeared genuine to the casual user. The goal of the fake website was to fool unsuspecting users into entering in their usernames and passwords. The attackers could then use these credentials to login as the customer, take over their account and drain their funds resulting in upset customers who have had their money stolen and ultimately hold your brand accountable. Brand damage successful.
The good news is with effective Digital Risk Management, you can identify these fake websites, and take them down before fraud is conducted against your customers.
Example: Malicious website domain detected, impact, recommended action, and takedown.
- Fake social media profiles that are indistinguishable from your real brand:
By monitoring social media profiles for a very large customer, we discovered that more than 500 fake social media profiles that were hijacking their brand. Some of the profiles looked so legitimate, that the company was amazed by how close the cyber criminals came to replicating their legitimate social media site that even some employees could not determine if it was real or not. Cyber criminals used these fake profiles to sell counterfeit products, steal credit cards as well as credentials. Brand Damage Successful.
The good news is with effective Digital Risk Management, fake social media profiles can be quickly identified and taken offline.
- Your customers unknowingly using fake mobile applications taking advantage of their privacy:
By monitoring official app stores including the Apple Store or the Android Market as well as and third party app stores for references to the company’s branding, a malicious app impersonating their brand was detected. Analysis of this malicious app revealed that it had spyware capabilities and could steal information from its users. It could steal data ranging from sensitive documents to login credentials. Brand Damage Successful.
The good news is that with effective digital risk management, the company was provided with an overview of the risks associated with the mobile application, screenshots of the application, and critically the ability to have the malicious app removed from the store.
Example: Fake Mobile App detected, impact, recommended action, and takedown
These are just three real stories that had the potential to impact consumers and the brands they trust. There are hundreds more examples of brand exposure that you as a marketing leader must learn more about. You can also read up on additional brand exposure use cases here. Earlier, I asked you to listen to these stories as these same stories could be happening to your customers, putting your brand at risk. It is not my intention to scare you but to educate you on what is going on right now, today, this very minute.
This is why as marketing leaders, we must take action to work with our security team to manage digital risk and protect our brand. By considering the security implications of phishing sites and social media, security shifts from an IT function to a company-wide concern. If you take action, you can minimize the impact of a hack or stop it before it effects your customers and your brand.
Dan Lowden, CMO, Digital Shadows
Dan Lowden has more than 20 years of executive-level experience in technology marketing. He has successfully driven demand generation and brand leadership for large enterprises and startups in security, mobile computing, wireless services, enterprise software, and cloud. Previously Dan was Chief Marketing Officer at Invincea, a machine learning next-gen antivirus company that was recently acquired by Sophos. Prior to that, he was VP of Marketing at vArmour, a leading data center and cloud security company. Previous roles also include VP of Marketing at Digby (acquired by Phunware), and VP of Marketing and Business Development at Wayport (acquired by AT&T). In addition, he has held marketing leadership positions at IBM, NEC, and Sharp Electronics. Dan holds a Bachelor of Science in Finance from Rider University and an MBA in International Business from Rutgers Graduate School of Management.