Last year was an unprecedented time for cyber security and fraud with a record number of exploited vulnerabilities and high-profile breaches. One such exploit making news recently is fake news. Cybercriminals do a good job of making these fake stories appear real, but they are created to trick the reader and generate revenue by generating clicks and shares. Recent examples of fake news include one saying that the pope endorsed President Donald Trump and another that said Hillary Clinton sold weapons to ISIS.
The fake news page below was made to look like a real Forbes page. This fake content was tweeted, posted on Facebook, promoted through search engine ads and the like.
Another example of fake news or information relies on the end-user responding to a call to action, and then inadvertently giving away sensitive information.
Do you want a free bottle? First, you just have to fill in all of your personal information:
No surprise, the free bottle never arrives, and the end user has now willingly shared a significant amount of personal information with who knows what cybercriminal, who knows where.
A More Complex Problem
What we are seeing today is reminiscent of, and very similar to, the phishing attacks of 2002. Back then, no one would have predicted how harmful those phishing attacks could be.
Today, offenders are in pursuit of relevant information, such as scandalous headlines, that will enable them to successfully launch and monetize fraudulent attacks. Criminals can now control the ads we see, social media profiles and content and hence, the news we see. They are taking advantage of the ways in which we access information, which controls what we see and to some extent where we go in the cyber world.
Technology is available to build on-the-fly the content that the user wants to see, the content that will capture the end-user’s attention and the calls to action that promote clicks. Are you active in the Catholic church, clicking on websites and following related content on social media? Then when you see a “story” about the pope endorsing Donald Trump for the presidency, you’re more likely to click on it to read more. In most cases, the offenders are in our devices knowing and predicting where we’re going to click next.
It’s increasingly difficult for an end-user to identify if what they are seeing on a mobile phone, tablet or laptop is really coming from a legitimate company. Moreover, the popularity of social media only exacerbates the spread of these fictitious stories, but it’s not just the news industry that suffers from this type of false information. Any company can be negatively impacted by online attacks impersonating brands, logos, websites, social media pages, employees and more. Thus, the concept of digital trust will gain significant relevance this year.
How Can Organizations Establish Trust?
As we move into this new world, proactive monitoring of brands and digital assets are more relevant than ever. Customers expect organizations in the public and private sector to take measures against cybercriminals, especially if that organization facilitates digital interactions and transactions.
Billionaire Warren Buffett knows the importance of a company’s image, and how quickly it can be tarnished. “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently,” Buffett said.
Criminals aim to pollute various digital channels and interact with customers. A proactive approach will save: thousands of dollars needed to recover after an attack, the extra resources needed to quell a crisis and a brand’s reputation.
So how can organizations ensure digital threat protection? How can they do things differently?
It all starts with implementing a proactive strategy to combat specific threats. Businesses need to:
- Constantly monitor and analyze email, web and social media channels with custom and dataset integration for attacks.
- Partner with an external threat protection provider that triages and analyzes data at scale through modern techniques such as machine learning, ensuring threats are identified and eliminated as quickly as possible.
- Establish a rapid takedown process to minimize the impact of an attack on customers and employees.
- Implement a multi-layered approach that addresses the entire fraud lifecycle, preventing and detecting attacks.
Clearly, the news industry should not be the only vertical concerned with the spread of misinformation. It’s no secret that a business with an unsavory reputation can suffer financial loss. Companies need to focus on the future, not the fear of fraud.
Learn more about effective digital threat protection here.