Phishing causing real harm to brands

Banks' reputations are the hardest hit when it comes to phishing

A nationwide UK study has shown the extent to which phishing attacks can damage a company's reputation.

Nearly half of the 2,000 respondents to a YouGov survey said that they thought less of a company if they had received a phishing email claiming to represent the business.

"Earlier research into the effect of phishing on individuals found that consumers were extremely concerned about falling victim to such a scam," said Neil Cook, UK technology chief at email security firm Cloudmark, which commissioned the survey.

"But well-known brands are also suffering, and phishing attacks are having a detrimental effect on their reputation. This knock-on effect will be particularly worrying for the banks, which rely on a high degree of trust with their customers."

Unsurprisingly banks' reputations are the hardest hit when it comes to phishing. Over 40 per cent of respondents said that a phishing email about their bank would put them off.

A similar percentage felt the same about their ISP, 36 per cent about an online shopping site and 33 per cent about a social networking site.

However, some banks believe that responsibility for countering phishing attacks lies with the ISPs.

"While awareness of the problem is essential, it is unrealistic to expect businesses to secure themselves fully against such sophisticated criminal activities," said Nigel Stevens, product director at telecommunications company Thus.

"The increasingly dynamic and transient nature of the latest threats requires a combination of desktop protection at the client level, and accurate message filtering from ISPs.

"By including comprehensive phishing detection, ISPs will help ensure protection against the latest threats and outbreaks."

However, the survey found that 26 per cent of UK consumers believe that they bear the primary responsibility for not getting hooked by phishing attacks.

Around 23 per cent believe that their ISP is the most responsible, and 17 per cent believe that the attacker's ISP and email service provider holds the greatest responsibility.