Articles about website spoofing, cybersecurity trends, and how to protect your customers from hackers.
Like the rest of the financial services industry, regional banks and credit unions face increased cyber attacks on their institutions and customers. The Federal Deposit Insurance Corporation recently warned of increasingly sophisticated cyber attacks against banks. The FDIC attributes the increase to more employees working from home, as well as, more people using digital banking services more often. An associate director of the FDIC’s anti-money laundering and cyber fraud division said that in particular attackers sought bank-account-holder information in order to log-in and initiate digital transactions.
Around the same time, the National Credit Union Association warned of heightened risk of social engineering scams targeting federally insured credit unions. The warning also reminded credit unions to educate their members on how to avoid these threats. Many of these scams involve directing victims to fake websites that impersonate a trusted financial institution’s brand. These scam sites also include fake username and password fields used to steal customers’/members’ credentials. The Federal Trade Commission categorizes these types of attacks as business impersonation fraud and also recently warned of a spike in these scams. PenFed Credit Union, for example, has recently experienced a wave of look-alike websites spoofing their brand.
Taking action to protect your regional bank’s or credit union’s brand online goes a long way in protecting your institution and customers/members. If you’re in the midst of your digital transformation, or have already completed it, going all-in on digital means retaining control of your brand online.
This article explains the top five things every bank and credit union should do to protect their digital brand. A solid plan will require collaboration across marketing, security, legal and potentially other teams.
Banks and credit unions that use a distinctive logo and other brand imagery have a big advantage when it comes to defending their brand. Trademark violations of distinctive marks are easier to enforce in the takedown process. Perhaps more importantly, distinctive logos and other marks are much easier to identify. Companies that choose generic-looking marks such as a pyramid, dot, or square can be more vulnerable to brand impersonation attacks because these marks appear everywhere.
It’s important to register all of your trademarks and copyrights, and keep them up-to-date. Start with the US Patent and Trademark Office and European Union Intellectual Property Office. Too many banks and credit unions fail to take the time to register all the variants of their brand names and logos.
Unregistered variants make enforcement challenging, especially in the cases where the content hosts have lenient policies with respect to impersonation and infringement. On the extreme end, it’s especially difficult to enforce a trademark someone else has registered because you failed to.
For a brand protection program to succeed, a brand needs to establish itself with anchor points in the key online arenas that customers, partners, and employees frequent.
First and foremost is your web presence. Domain name registration is inexpensive but must be used wisely. Register any domain name that you plan to do business on. Consider registering on multiple top-level domains (TLDs) as well, especially if you do business internationally. You should NOT register every possible variant of your domain name – you’ll spend the rest of your life trying to do so.
Also make sure to establish accounts for your key brands and, where appropriate, key executives, across all the major social media platforms. Don’t wait for someone else to create accounts that impersonate your brand. Be proactive as new platforms enter the market, establishing your legitimate brand presence.
Each time a user engages with an impersonation of your banking site, credit card sign up, or other unauthorized use of your brand online, you lose trust. Word of scams and forgeries spreads on social media, and businesses find themselves on their heels having to do both incident response and damage control simultaneously.
Avoid that mess by being proactive about finding and eliminating brand impersonations. While the internet is large and impersonations can be easy to hide, tools are available to help identify and review potential brand threats. Look for vendors who can prove their capabilities to find threats to your banking and loan customers before you engage in a long-term contract.
It’s important to have a plan for your response to brand forgeries, scams and other trademark abuse online. Get into the details so that all involved teams within your institution have an agreed-upon set of response actions.
Website impersonations that lead to fraud are different from websites that abuse trademarks. Social media impersonations are handled differently on every platform. Rogue mobile apps also require a unique plan in case they pop up impersonating your brand. If this all sounds complicated, well, it is.
This is one area where scammers have the advantage. Rest assured, if you commit the time, you can figure this out. If that doesn’t sound appealing, there are reputable takedown vendors who can help manage the entire process for you. The best takedown vendors also offer proactive detection services (see tip #4).
Protecting your digital brand is critical for any modern bank or credit union. Report business impersonation scams to the FTC at www.reportfraud.ftc.gov. Learn more about protecting your brand and how to build a strategy with our guide to online brand protection.
Posted by Josh Shaul