By SIMON MURRELL, head of development and executive director at BrandQuantum
Identity theft and data breaches are on the rise, with Fraudscape stating in its 2019 report that identity theft hit an all-time high of more than 174,000 cases in 2017 in the UK alone. Locally the figures are just as grim with TransUnion research revealing that 49% of South African consumers have either been a victim of ID theft, or know someone who has.
As identity theft is a growing concern for consumers, they are being encouraged to take precautions to prevent falling victim to cybercrime and identity theft. The Banking Association of South Africa has provided customers with several tips on preventing identity theft, including not disclosing personal information to anyone without knowing who they are disclosing the information to and for what it is being used.
While customers may be taking precautions to safeguard their personal information and verify the companies they provide personal information to, they are entrusting organisations with their details and expect them to have measures in place to ensure that their data remains secure. However, according to the World Wide Worx State of Enterprise Security in South Africa 2019 study that was conducted in association with Trend Micro and VMware, only 35% of South African IT decision-makers were prepared for cyberattacks at any time in the next 48 hours.
Companies need to take action and have processes in place that not only protect their customer’s details but also provide their customers with tools to help prevent them from falling for phishing scams or spoofing emails for example.
Email verification tools
Email spoofing occurs when recipients receive emails that resemble official organisation emails. For example, a client may receive an email that appears to be sent from his bank with the corporate logo and similar distinct graphics that have been sourced online or copied from legitimate emails sent from the organisation previously. These images are embedded into spoof emails to convince recipients that the emails are legitimate and encourage them to follow specific phishing instructions for example.
However, email spoofs are not only sent to customers; there are instances where emails appear to be sent from internal sources to company departments and employees with particular instructions. These include instructions that request immediate payment of funds or for funds to be released or even requesting particular customer details. Without the necessary verification tools in place, these emails are often actioned with immediate effect.
With most malware coming from emails, it is evident that companies lack mechanisms for email authentication. These emails often look legitimate at quick glance and as such the recipient is likely to action it as per the instructions included. To overcome this, company email signatures should aid in enhancing security. This could include providing recipients with a verification page that provides additional information about senders, qualifications, titles, and details about the company.
The details included on the verification should be approved by various departments within the organisation to ensure that the job title and qualification for example, are accurate. In addition as email correspondence can constitute a legal document, the organisation should put measures in place to ensure that all emails that leave the company authenticate the identity of the sender on behalf of the organisation.
Click here to read about the security measures companies should adopt to ensure authenticity for their customers.