Phishing: Reputational damages
Introduction
When phishing and damages are thought of in the same sentence, the typical thoughts of many are the loss of data due to theft, identity theft and ultimately financial theft. While phishing can cause these types of damages, there is one major category of damages that may go overlooked: reputational damages. This type of damage is not always the most apparent, such as a loss of data or financial resources, but they can be severely destructive just the same.
This article will detail the reputational damages that result from phishing. We will explore what reputational damage is, the different types of reputational damages that stem from phishing and the different ways in which an organization can face reputational damages.
Phishing simulations & training
What is phishing?
Phishing is a term that has been all over the place in recent years, due its meteoric rise alongside the rise of widespread internet use in society. Phishing refers to the fraudulent attempt to steal sensitive information from victims, usually beginning with an email. This sensitive information includes login credentials (such as usernames and passwords), financial information and other personal information. The information can then be used by the phishers to steal money and wreak all manner of havoc against the victim.
Phishing is still a top priority for many organization IT departments and security teams, regardless of the fact that phishing has been around for decades. Below are some useful statistics for grasping the impact of phishing today:
- Phishing is the cause of 90% of data breaches
- The average cost of these data breaches is US $3.92 million
- 76% of businesses report being on the receiving end of a phishing attack
- Of those targeted by phishing, 30% open the phishing message
- From 2018 to 2019, there was a 65% jump in phishing attempts
- This trend has continued, with COVID-19 and other assorted pandemic phishing attempts flooding the internet
What types of damages can phishing cause?
For what may seem like an insignificant risk to those without cybersecurity training, phishing can be fairly destructive with more types of damage than you expect. The damages associated with phishing are:
- Data loss
- Financial loss due to financial data theft
- Reputational damage
- Identity theft
Despite being one of the most common types of damages associated with phishing, reputational damage is normally overlooked when discussing phishing damages. Without further ado, let’s delve into what reputational damages are.
What are reputational damages?
This question has a short answer and a long answer. The short answer to this is that it is damages caused by phishing to the reputation of the victim. You could have probably guessed this based upon what these damages are named, but the long answer may shock you.
The long answer to this question is that reputational Damages can come in many different forms. Below is a rundown of some of the most common types of reputational damages.
Types of reputational damages
What makes reputational damages possibly the nastiest of the phishing damages is how extensive and entangled the reputational damage can be. Instead of being one instance of reputational damages, phishing attacks can result in multiple different types of this damage.
Damage to reputation or brand
For lack of a better term, damage to reputation is the most obvious form of reputational damages. This is the classic reputational damage that most probably think of and is the damage inflicted upon the victim’s reputation based upon the phishing attack (normally compounded by a resulting data breach). This example can be best explained with the relatively current example of Equifax. This credit reporting bureau has been synonymous with the term “data breach” since its infamous incident, demonstrating the devastating effect that phishing attacks can have on the victim’s reputation.
The worst part about this form of reputational damage is that it may take decades for reports of the phishing attack to fade from public memory, causing repercussions to last for years.
Loss of customer trust
The next knock to an organization’s reputation is loss of customer trust. Confidence is critical in business; all brands are ultimately built on trust and it is not uncommon for organizations to have years of confidence built up with their customers. The reality is that phishing can cause an organization’s customers to have a steep drop in confidence.
For example, the compromise of Facebook user data in 2018 due to phishing caused the social media pariah’s valuation to plummet by $36 billion. Once a phishing attack has made victims of an organization’s customers, they are 42% less likely to engage in business with that organization.
Further lingering reputational damages
Reputational damages do not stop at the above flavors of damage. In fact, there are several ways in which lingering reputational damages can hurt an organization after the phishing attack. Phishers can access the contacts in a compromised email address and start sending messages to its email contacts, which may damage the reputation of that organization employee. When an organization is known to have fallen victim to phishing, a recent report has shown that email inbox placement rates fall by 10%, with Gmail and 7% with Yahoo email.
Lastly, reputational damages may extend to partnerships with third party vendors that would be less likely to do business with a company that has a reputation for falling for phishing.
See Infosec IQ in action
Conclusion
Phishing can be incredibly destructive for organizations, causing multiple different types of damage. One type of damage that should not be overlooked is reputational damage. Reputational damages can affect the organization’s brand image and trust that their customers have in the organization, as well as other lingering reputational damage caused by their phishing nightmare.
The best way for organizations to handle this issue is to provide a robust cybersecurity training program for their employees with a focus on phishing and recent phishing email trends.
Sources
What Damage Can Phishing Cause to Your Business?, Stage2Data
How Can Phishing Affect a Business?, Cybsafe
Phishing Attacks Pose a Serious Threat to Brand’s Reputation, IT Pro Portal
The True Cost of a Phishing Attack, Retruster
In this Series
- Phishing: Reputational damages
- Keeping your inbox safe: How to prevent business email compromise
- The best 9 phishing simulators for employee security awareness training (2023)
- How to set up a phishing attack with the Social-Engineer Toolkit
- Extortion: How attackers double down on threats
- How Zoom is being exploited for phishing attacks
- 11 phishing email subject lines your employees need to recognize [Updated 2022]
- Consent phishing: How attackers abuse OAuth 2.0 permissions to dupe users
- The state of BEC in 2021 (and beyond)
- Why employees keep falling for phishing (and the science to help them)
- Phishing attacks doubled last year, according to Anti-Phishing Working Group
- The Phish Scale: How NIST is quantifying employee phishing risk
- 6 most sophisticated phishing attacks of 2020
- JavaScript obfuscator: Overview and technical overview
- Malicious Excel attachments bypass security controls using .NET library
- Phishing with Google Forms, Firebase and Docs: Detection and prevention
- Phishing domain lawsuits and the Computer Fraud and Abuse Act
- Spearphishing meets vishing: New multi-step attack targets corporate VPNs
- Phishing attack timeline: 21 hours from target to detection
- Overview of phishing techniques: Brand impersonation
- BEC attacks: A business risk your insurance company is unlikely to cover
- Cybercrime at scale: Dissecting a dark web phishing kit
- Lockphish phishing attack: Capturing android PINs & iPhone passcodes over https
- 4 types of phishing domains you should blacklist right now
- Email attack trend predictions for 2020
- 4 tips for phishing field employees [Updated 2020]
- How to scan email headers for phishing and malicious content
- Should you phish-test your remote workforce?
- Overview of phishing techniques: Fake invoice/bills
- Phishing simulations in 5 easy steps — Free phishing training kit
- Overview of phishing techniques: Urgent/limited supplies
- Overview of phishing techniques: Compromised account
- Phishing techniques: Contest winner scam
- Phishing techniques: Expired password/account
- Overview of Phishing Techniques: Fake Websites
- Overview of phishing techniques: Order/delivery notifications
- Phishing technique: Message from a friend/relative
- [Updated] Top 9 coronavirus phishing scams making the rounds
- Phishing technique: Message from the boss
- Cyber Work podcast: Email attack trend predictions for 2020
- Phishing techniques: Clone phishing
- Phishing attachment hides malicious macros from security tools
- Phishing techniques: Asking for sensitive information via email
- PayPal credential phishing with an even bigger hook
- Your 2020 tax scam training guide
- Abusing email rules
- 8 phishing simulation tips to promote more secure behavior
- Top types of Business Email Compromise [BEC]
- Be aware of these 20 new phishing techniques
- Phishing in academic environments
- Phishing-as-a-Service
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
