What Can We Learn from the Recent Verizon Customer-Facing Phishing Attack?

11 - April 2019
Elad Schulman

Many companies focus their anti-phishing education and security solutions on employee phishing scams, encouraging staff to be careful which email links they click on, or what attachments they open. Businesses are worried that their employees might inadvertently provide hackers with the opportunity to access their critical assets and go after customer data.

Little do they know, the attackers are busy cutting out the middleman, going straight after consumers in phishing scams that impersonate the companies they trust.

One Painful Example – Verizon Alerted to a Consumer Phishing Scam, Five Months Too Late

Verizon have learned this lesson the hard way this month when a third party uncovered a consumer phishing scam that has created more than 50 false Verizon domains to fool mobile customers into providing sensitive information. This attack has been preying on their customers since November, leaving Verizon to play catch up, using their resources to find and take down domains, and sending out warnings to their customers to be vigilant. For the existing victims, this was all too little, too late.

The simple truth is, while employee phishing scams are a security issue, consumer phishing scams are a business issue. When your customers fall victim to a phishing scam, you lose the most important asset you have – their confidence in you as a brand.

Here are some of the more painful consequences of a consumer-focused phishing scam:

  • Reputational damage, as formerly loyal customers lose trust in your company. 78% of customers would stop engaging with a brand after a data breach.
  • Financial loss, including loss of earnings, business disruption, financial penalties and added maintenance costs.
  • Regulatory action, such as failing to comply with GDPR, in case the company is found negligent for the loss of data or breach to sensitive information.
  • A drop in company value, as stock prices plummet and investors lose faith in your brand. Facebook saw a drop in company value of $120 billion in 2018, a hit most companies could never recover from.

A Phishing Attack Could Happen to Anyone

Above you can see a consumer phishing scam that targeted a huge brand, Netflix.

Imagine if this arrived in your email inbox or as a pop-up, when you might even have Netflix running as an app in the background. Believable, isn’t it? The friendly voice, the familiar logo, even the internal links to help pages or customer support.

As a business, it can feel like these types of threats are impossible to solve. Training staff around suspicious emails is easy, as all the risks are coming into your own network. In contrast, consumer phishing scams are an unknown quantity, and can strike anywhere at any time. The first sign of a problem can be when your customers report stolen details or a fraudulent encounter, which leaves you fighting the attackers in crisis mode, and apologizing to your consumers after the fact. You need to adapt to a solution that allows you to solve the problem proactively, stopping the attackers before the fake website has a chance to launch.

Help Your Customers Trust Your Brand

Enter Segasec, your one-stop-shop against consumer phishing scams, where threats are identified at the earliest possible stages, when the attackers are still in preparation mode. Suspicious domains and any hint of content scraping trigger an alert, and the consumer phishing scam is taken down before your business can pay the price.

Interested in hearing more about our perfect track record against consumer phishing scams? Get in touch to schedule a demo.